Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-05-10 CVE-2022-28901 OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28905 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28906 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28907 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28908 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28909 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28910 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28911 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28912 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2022-05-10 CVE-2022-28913 OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.
network
low complexity
totolink CWE-78
critical
 9.8
9.8