Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-09-20 CVE-2022-37878 OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host.
network
low complexity
arubanetworks CWE-78
7.2
2022-09-16 CVE-2022-38826 OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
9.8
2022-09-16 CVE-2022-38828 OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi
network
low complexity
totolink CWE-78
critical
9.8
2022-09-15 CVE-2022-38534 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.
network
low complexity
totolink CWE-78
7.2
2022-09-15 CVE-2022-38535 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.
network
low complexity
totolink CWE-78
7.2
2022-09-14 CVE-2022-38308 OS Command Injection vulnerability in Totolink A7000Ru Firmware 7.4Cu.2313B20191024
TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem.
network
low complexity
totolink CWE-78
critical
9.8
2022-09-13 CVE-2022-39815 OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs.
network
low complexity
nokia CWE-78
critical
9.8
2022-09-13 CVE-2022-39819 OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs.
network
low complexity
nokia CWE-78
8.8
2022-09-13 CVE-2022-36779 OS Command Injection vulnerability in multiple products
PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301
network
low complexity
proscend advice CWE-78
critical
9.8
2022-09-12 CVE-2022-37860 OS Command Injection vulnerability in Tp-Link M7350 Firmware 190531
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.
network
low complexity
tp-link CWE-78
critical
9.8