Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-02-02 CVE-2022-46552 OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A53Dbr
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter.
network
low complexity
dlink CWE-78
8.8
2023-02-01 CVE-2023-23076 OS Command Injection vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
network
low complexity
zohocorp CWE-78
critical
9.8
2023-02-01 CVE-2023-23692 OS Command Injection vulnerability in Dell EMC Data Domain OS
Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability.
network
low complexity
dell CWE-78
8.8
2023-02-01 CVE-2022-25906 OS Command Injection vulnerability in Is-Http2 Project Is-Http2
All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.
local
low complexity
is-http2-project CWE-78
7.8
2023-01-30 CVE-2022-42484 OS Command Injection vulnerability in multiple products
An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5.
network
low complexity
freshtomato siretta CWE-78
critical
9.8
2023-01-27 CVE-2022-48107 OS Command Injection vulnerability in Dlink DIR 878 Firmware 1.30B08
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress.
network
low complexity
dlink CWE-78
critical
9.8
2023-01-27 CVE-2022-48108 OS Command Injection vulnerability in Dlink DIR 878 Firmware 1.30B08
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask.
network
low complexity
dlink CWE-78
critical
9.8
2023-01-27 CVE-2022-48069 OS Command Injection vulnerability in Totolink A830R Firmware 4.1.2Cu.5182
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter.
network
low complexity
totolink CWE-78
7.5
2023-01-27 CVE-2022-48070 OS Command Injection vulnerability in Phicomm K2 Firmware 22.6.534.263
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
local
low complexity
phicomm CWE-78
7.8
2023-01-27 CVE-2022-48072 OS Command Injection vulnerability in Phicomm K2 Firmware 22.6.3.20
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
local
low complexity
phicomm CWE-78
7.8