Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-07-07 CVE-2023-37173 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2023-07-06 CVE-2023-22371 OS Command Injection vulnerability in Milesight Milesightvpn 2.0.2
An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2.
network
high complexity
milesight CWE-78
8.1
2023-07-06 CVE-2023-22659 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
7.2
2023-07-06 CVE-2023-23550 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
7.2
2023-07-06 CVE-2023-24519 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
8.8
2023-07-06 CVE-2023-24520 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
8.8
2023-07-06 CVE-2023-24582 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
8.8
2023-07-05 CVE-2023-27198 OS Command Injection vulnerability in Paxtechnology PAX A930 Firmware Paydroid7.1.1Virgov04.5.0220220722
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed.
low complexity
paxtechnology CWE-78
6.8
2023-07-05 CVE-2023-36622 OS Command Injection vulnerability in Loxone Miniserver GO GEN 2 Firmware
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.
network
low complexity
loxone CWE-78
7.2
2023-07-03 CVE-2023-3314 OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s).
network
low complexity
trellix CWE-78
8.8