Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-08-23 CVE-2022-1513 OS Command Injection vulnerability in Lenovo Pcmanager
A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.
network
low complexity
lenovo CWE-78
8.8
2022-08-23 CVE-2021-42232 OS Command Injection vulnerability in Tp-Link Archer A7 Firmware 210519
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp.
network
low complexity
tp-link CWE-78
critical
9.8
2022-08-18 CVE-2022-37061 OS Command Injection vulnerability in Flir AX8 Firmware
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection.
network
low complexity
flir CWE-78
critical
9.8
2022-08-17 CVE-2022-1410 OS Command Injection vulnerability in Device42 Cmdb
OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device.
network
low complexity
device42 CWE-78
8.8
2022-08-16 CVE-2022-36273 OS Command Injection vulnerability in Tenda AC9 Firmware 15.03.2.21Cn
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.
network
low complexity
tenda CWE-78
critical
9.8
2022-08-16 CVE-2022-36381 OS Command Injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP 001 Firmware
OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.
network
low complexity
nintendo CWE-78
7.2
2022-08-16 CVE-2022-36309 OS Command Injection vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI.
network
low complexity
airspan CWE-78
8.8
2022-08-12 CVE-2022-35555 OS Command Injection vulnerability in Tenda W6 Firmware 1.0.0.9(4122)
A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution.
network
low complexity
tenda CWE-78
critical
9.8
2022-08-10 CVE-2022-20827 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-78
critical
10.0
2022-08-05 CVE-2022-21178 OS Command Injection vulnerability in TCL Linkhub Mesh Wifi Ac1200 Ms1G0001.0014
An os command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14.
network
low complexity
tcl CWE-78
critical
9.8