Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2023-39935 OS Command Injection vulnerability in Tp-Link Archer C5400 Firmware
Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.0
8.0
2023-09-06 CVE-2023-40193 OS Command Injection vulnerability in Tp-Link Deco M4 Firmware
Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.0
8.0
2023-09-06 CVE-2023-40357 OS Command Injection vulnerability in Tp-Link products
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.0
8.0
2023-09-06 CVE-2023-40531 OS Command Injection vulnerability in Tp-Link Archer Ax6000 Firmware
Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.0
8.0
2023-09-05 CVE-2015-2201 OS Command Injection vulnerability in multiple products
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.
network
low complexity
hp arubanetworks CWE-78
7.2
7.2
2023-08-30 CVE-2023-40837 OS Command Injection vulnerability in Tenda AC6 Firmware 15.03.05.16
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2023-08-30 CVE-2023-40838 OS Command Injection vulnerability in Tenda AC6 Firmware 15.03.05.16
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2023-08-30 CVE-2023-40839 OS Command Injection vulnerability in Tenda AC6 Firmware 15.03.05.16
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2023-08-28 CVE-2023-41109 OS Command Injection vulnerability in Patton Smartnode Sn200 Firmware 2.21.122041/3.21.223021
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.
network
low complexity
patton CWE-78
critical
 9.8
9.8
2023-08-28 CVE-2023-1997 OS Command Injection vulnerability in 3DS 3Dexperience R2021X/R2022X/R2023X
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x.
network
low complexity
3ds CWE-78
8.8
8.8