Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2022-08-18 | CVE-2022-37061 | OS Command Injection vulnerability in Flir AX8 Firmware | All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. | network, low complexity, flir, CWE-78, critical, 9.8 |
| 2022-08-17 | CVE-2022-1410 | OS Command Injection vulnerability in Device42 Cmdb | OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. | network, low complexity, device42, CWE-78, 8.8 |
| 2022-08-16 | CVE-2022-36273 | OS Command Injection vulnerability in Tenda AC9 Firmware 15.03.2.21Cn | Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. | network, low complexity, tenda, CWE-78, critical, 9.8 |
| 2022-08-16 | CVE-2022-36381 | OS Command Injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP 001 Firmware | OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | network, low complexity, nintendo, CWE-78, 7.2 |
| 2022-08-16 | CVE-2022-36309 | OS Command Injection vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 | Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. | network, low complexity, airspan, CWE-78, 8.8 |
| 2022-08-12 | CVE-2022-35555 | OS Command Injection vulnerability in Tenda W6 Firmware 1.0.0.9(4122) | A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. | network, low complexity, tenda, CWE-78, critical, 9.8 |
| 2022-08-10 | CVE-2022-20827 | OS Command Injection vulnerability in Cisco products | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. | network, low complexity, cisco, CWE-78, critical, 10.0 |
| 2022-08-05 | CVE-2022-21178 | OS Command Injection vulnerability in TCL Linkhub Mesh Wifi Ac1200 Ms1G0001.0014 | An OS command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. | network, low complexity, tcl, CWE-78, critical, 9.8 |
| 2022-08-05 | CVE-2022-34769 | OS Command Injection vulnerability in Rashim Michlol | Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to log in. After he logs into the system, there are some functionalities that the specific user is not allowed to perform. However, all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter, and then the attacker can access sensitive data that he is not supposed to access because it belongs to another user. | local, low complexity, rashim, CWE-78, 5.5 |
| 2022-08-02 | CVE-2020-28424 | OS Command Injection vulnerability in S3-Kilatstorage Project S3-Kilatstorage | This affects all versions of package s3-kilatstorage. | network, low complexity, s3-kilatstorage-project, CWE-78, critical, 9.8 |