Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-15 | CVE-2017-9328 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.0.33 Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | 9.8 |
| 2017-09-15 | CVE-2017-10813 | OS Command Injection vulnerability in Corega WLR 300 NM Firmware 1.90 CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 6.8 |
| 2017-09-13 | CVE-2017-14429 | OS Command Injection vulnerability in Dlink Dir-850L Firmware The DHCP client on D-Link DIR-850L REV. | 9.8 |
| 2017-09-13 | CVE-2017-14405 | OS Command Injection vulnerability in Eyesofnetwork 5.10 The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | 7.2 |
| 2017-09-07 | CVE-2017-6796 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. | 6.7 |
| 2017-09-07 | CVE-2017-13713 | OS Command Injection vulnerability in Twsz Wifi Repeater Firmware T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | 8.8 |
| 2017-09-04 | CVE-2017-14135 | OS Command Injection vulnerability in Dreambox Opendreambox 2.0 enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI. | 9.8 |
| 2017-09-04 | CVE-2017-14127 | OS Command Injection vulnerability in Technicolor Td5336 Firmware 7.0 Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. | 9.8 |
| 2017-09-03 | CVE-2017-14119 | OS Command Injection vulnerability in Eyesofnetwork 5.10 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. | 8.8 |
| 2017-09-03 | CVE-2017-14118 | OS Command Injection vulnerability in Eyesofnetwork 5.10 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. | 8.8 |