Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-10-17 CVE-2023-43959 OS Command Injection vulnerability in Yealink Sip-T19P-E2 Firmware 53.84.0.15
An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.
network
low complexity
yealink CWE-78
8.8
2023-10-16 CVE-2023-3991 OS Command Injection vulnerability in Freshtomato 2023.3
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3.
network
low complexity
freshtomato CWE-78
critical
9.8
2023-10-16 CVE-2023-45158 OS Command Injection vulnerability in Web2Py
An OS command injection vulnerability exists in web2py 2.24.1 and earlier.
network
low complexity
web2py CWE-78
critical
9.8
2023-10-13 CVE-2023-32976 OS Command Injection vulnerability in Qnap Container Station
An OS command injection vulnerability has been reported to affect Container Station.
network
low complexity
qnap CWE-78
7.2
2023-10-13 CVE-2023-45467 OS Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.
network
low complexity
netis-systems CWE-78
critical
9.8
2023-10-11 CVE-2023-27380 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
2023-10-11 CVE-2023-28381 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
2023-10-11 CVE-2023-34356 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
2023-10-11 CVE-2023-35193 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
2023-10-11 CVE-2023-35194 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8