Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-01-15 CVE-2024-57016 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg.
network
low complexity
totolink CWE-78
8.8
2025-01-15 CVE-2024-57017 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.
network
low complexity
totolink CWE-78
8.8
2025-01-15 CVE-2024-57018 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg.
network
low complexity
totolink CWE-78
8.8
2025-01-15 CVE-2024-57019 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg.
network
low complexity
totolink CWE-78
8.8
2025-01-15 CVE-2024-57020 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg.
network
low complexity
totolink CWE-78
8.8
2025-01-15 CVE-2024-57021 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
network
low complexity
totolink CWE-78
8.8
2025-01-15 CVE-2024-57022 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.
network
low complexity
totolink CWE-78
8.8
2025-01-14 CVE-2023-37937 OS Command Injection vulnerability in Fortinet Fortiswitch
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSwitch versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.7, 6.4.0 through 6.4.13, 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows an attacker to execute unauthorized code or commands via the FortiSwitch CLI.
local
low complexity
fortinet CWE-78
7.8
2025-01-14 CVE-2024-26012 OS Command Injection vulnerability in Fortinet Fortiap, Fortiap-S and Fortiap-W2
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiAP-S 6.2 all versions, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allows a local authenticated attacker to execute unauthorized code via the CLI.
local
low complexity
fortinet CWE-78
7.8
2025-01-14 CVE-2024-27778 OS Command Injection vulnerability in Fortinet Fortisandbox
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in Fortinet FortiSandbox versions 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
network
low complexity
fortinet CWE-78
8.8