Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-12-19 CVE-2022-43443 OS Command Injection vulnerability in Buffalo products
OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
low complexity
buffalo CWE-78
8.8
2022-12-19 CVE-2022-43466 OS Command Injection vulnerability in Buffalo products
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
low complexity
buffalo CWE-78
6.8
2022-12-19 CVE-2022-44456 OS Command Injection vulnerability in Contec Conprosys HMI System 3.3.0/3.4.3/3.4.4
CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.
network
low complexity
contec CWE-78
critical
9.8
2022-12-16 CVE-2022-26580 OS Command Injection vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service.
low complexity
paxtechnology CWE-78
6.8
2022-12-16 CVE-2022-26582 OS Command Injection vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client.
local
low complexity
paxtechnology CWE-78
7.8
2022-12-16 CVE-2022-47208 OS Command Injection vulnerability in Netgear products
The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input.
low complexity
netgear CWE-78
8.8
2022-12-16 CVE-2022-47210 OS Command Injection vulnerability in Netgear Rax30 Firmware
The default console presented to users over telnet (when enabled) is restricted to a subset of commands.
local
low complexity
netgear CWE-78
7.8
2022-12-15 CVE-2022-46631 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2022-12-15 CVE-2022-46634 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2022-12-14 CVE-2022-24377 OS Command Injection vulnerability in Cycle-Import-Check Project Cycle-Import-Check
The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.
network
low complexity
cycle-import-check-project CWE-78
critical
9.8