Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-07 | CVE-2023-37173 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | 9.8 |
| 2023-07-06 | CVE-2023-22371 | OS Command Injection vulnerability in Milesight Milesightvpn 2.0.2 An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. | 8.1 |
| 2023-07-06 | CVE-2023-22659 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. | 7.2 |
| 2023-07-06 | CVE-2023-23550 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. | 7.2 |
| 2023-07-06 | CVE-2023-24519 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. | 8.8 |
| 2023-07-06 | CVE-2023-24520 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. | 8.8 |
| 2023-07-06 | CVE-2023-24582 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. | 8.8 |
| 2023-07-05 | CVE-2023-27198 | OS Command Injection vulnerability in Paxtechnology PAX A930 Firmware Paydroid7.1.1Virgov04.5.0220220722 PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. | 6.8 |
| 2023-07-05 | CVE-2023-36622 | OS Command Injection vulnerability in Loxone Miniserver GO GEN 2 Firmware The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter. | 7.2 |
| 2023-07-03 | CVE-2023-3314 | OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3 A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). | 8.8 |