Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-30 | CVE-2023-50651 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | 9.8 |
| 2023-12-28 | CVE-2023-50445 | OS Command Injection vulnerability in Gl-Inet products Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. | 7.8 |
| 2023-12-26 | CVE-2023-51094 | OS Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | 9.8 |
| 2023-12-26 | CVE-2023-51098 | OS Command Injection vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo . | 9.8 |
| 2023-12-26 | CVE-2023-51099 | OS Command Injection vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand . | 9.8 |
| 2023-12-26 | CVE-2023-51100 | OS Command Injection vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo . | 9.8 |
| 2023-12-26 | CVE-2023-45741 | OS Command Injection vulnerability in Buffalo Vr-S1000 Firmware VR-S1000 firmware Ver. | 6.8 |
| 2023-12-25 | CVE-2022-39818 | OS Command Injection vulnerability in Nokia Network Functions Manager for Transport 19.9 In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. | 8.8 |
| 2023-12-23 | CVE-2023-7002 | OS Command Injection vulnerability in Backupbliss Backup Migration The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. | 7.2 |
| 2023-12-22 | CVE-2023-50147 | OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513 There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. | 9.8 |