Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-25 | CVE-2022-31499 | OS Command Injection vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P/0.3209C Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. | 9.8 |
| 2022-08-25 | CVE-2022-20865 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
| 2022-08-25 | CVE-2022-36455 | OS Command Injection vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102 TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | 7.8 |
| 2022-08-25 | CVE-2022-37079 | OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | 7.8 |
| 2022-08-25 | CVE-2022-37081 | OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. | 7.8 |
| 2022-08-25 | CVE-2022-37082 | OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. | 7.8 |
| 2022-08-25 | CVE-2022-37083 | OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg. | 7.8 |
| 2022-08-25 | CVE-2022-37810 | OS Command Injection vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. | 9.8 |
| 2022-08-25 | CVE-2022-36456 | OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.532B20210610 TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | 7.8 |
| 2022-08-25 | CVE-2022-36458 | OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | 7.8 |