Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-07-17 CVE-2023-34141 OS Command Injection vulnerability in Zyxel products
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator into adding their IP address to the managed AP list in advance.
low complexity
zyxel CWE-78
8.0
2023-07-17 CVE-2023-28767 OS Command Injection vulnerability in Zyxel products
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36.
low complexity
zyxel CWE-78
8.8
2023-07-16 CVE-2023-38378 OS Command Injection vulnerability in Rigol Mso5000 Firmware 00.01.03.00.03
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application.
network
low complexity
rigol CWE-78
critical
9.8
2023-07-13 CVE-2023-37564 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request.
low complexity
elecom CWE-78
8.0
2023-07-13 CVE-2023-34127 OS Command Injection vulnerability in Sonicwall Analytics and Global Management System
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges.
network
low complexity
sonicwall CWE-78
8.8
2023-07-11 CVE-2023-23777 OS Command Injection vulnerability in Fortinet Fortiweb
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.
network
low complexity
fortinet CWE-78
7.2
2023-07-11 CVE-2023-36922 OS Command Injection vulnerability in SAP Netweaver
Due to a programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.
network
low complexity
sap CWE-78
8.8
2023-07-10 CVE-2023-3608 OS Command Injection vulnerability in Ruijienetworks Bcr810W Firmware 2.5.10
A vulnerability was found in Ruijie BCR810W 2.5.10.
network
low complexity
ruijienetworks CWE-78
8.8
2023-07-10 CVE-2023-3606 OS Command Injection vulnerability in Tamronos 20230703
A vulnerability was found in TamronOS up to 20230703.
network
low complexity
tamronos CWE-78
8.8
2023-07-10 CVE-2023-3607 OS Command Injection vulnerability in Kodcloud Kodbox 1.26
A vulnerability was found in kodbox 1.26.
low complexity
kodcloud CWE-78
8.0