Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-26 | CVE-2023-45741 | OS Command Injection vulnerability in Buffalo Vr-S1000 Firmware VR-S1000 firmware Ver. | 6.8 |
| 2023-12-25 | CVE-2022-39818 | OS Command Injection vulnerability in Nokia Network Functions Manager for Transport 19.9 In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. | 8.8 |
| 2023-12-23 | CVE-2023-7002 | OS Command Injection vulnerability in Backupbliss Backup Migration The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. | 7.2 |
| 2023-12-22 | CVE-2023-50147 | OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513 There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. | 9.8 |
| 2023-12-22 | CVE-2023-51033 | OS Command Injection vulnerability in Totolink Ex1200L Firmware 9.3.5U.6146B20201023 TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | 9.8 |
| 2023-12-22 | CVE-2023-51035 | OS Command Injection vulnerability in Totolink Ex1200L Firmware 9.3.5U.6146B20201023 TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. | 9.8 |
| 2023-12-22 | CVE-2023-51028 | OS Command Injection vulnerability in Totolink Ex1800T Firmware 9.1.0Cu.2112B20220316 TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | 9.8 |
| 2023-12-20 | CVE-2023-50993 | OS Command Injection vulnerability in Ruijie Rg-Ws6008 Firmware and Rg-Ws6108 Firmware Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles. | 9.8 |
| 2023-12-20 | CVE-2023-0011 | OS Command Injection vulnerability in U-Blox products A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. | 6.8 |
| 2023-12-19 | CVE-2023-50466 | OS Command Injection vulnerability in Weintek Cmt2078X Firmware 2.1.3 An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter. | 8.8 |