Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-16 | CVE-2022-26580 | OS Command Injection vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419 PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. | 6.8 |
| 2022-12-16 | CVE-2022-26582 | OS Command Injection vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419 PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. | 7.8 |
| 2022-12-16 | CVE-2022-47208 | OS Command Injection vulnerability in Netgear products The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. | 8.8 |
| 2022-12-16 | CVE-2022-47210 | OS Command Injection vulnerability in Netgear Rax30 Firmware The default console presented to users over telnet (when enabled) is restricted to a subset of commands. | 7.8 |
| 2022-12-15 | CVE-2022-46631 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. | 9.8 |
| 2022-12-15 | CVE-2022-46634 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. | 9.8 |
| 2022-12-14 | CVE-2022-24377 | OS Command Injection vulnerability in Cycle-Import-Check Project Cycle-Import-Check The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. | 9.8 |
| 2022-12-14 | CVE-2022-42139 | OS Command Injection vulnerability in Deltaww Dvw-W02W2-E2 Firmware 2.42 Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. | 8.8 |
| 2022-12-14 | CVE-2022-42140 | OS Command Injection vulnerability in Deltaww Dx-2100-L1-Cn Firmware 1.5.0.10 Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. | 7.2 |
| 2022-12-13 | CVE-2022-45005 | OS Command Injection vulnerability in Ip-Com EW9 Firmware 15.11.0.14(9732) IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function. | 9.8 |