Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-05 | CVE-2022-29592 | OS Command Injection vulnerability in Tenda TX9 PRO Firmware 22.03.02.10 Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route). | 9.8 |
| 2022-05-05 | CVE-2021-41739 | OS Command Injection vulnerability in Artica-Proxy Artica Proxy 4.30.000000 A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. | 9.8 |
| 2022-05-04 | CVE-2022-20799 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. | 7.2 |
| 2022-05-04 | CVE-2022-20801 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. | 7.2 |
| 2022-05-04 | CVE-2022-28557 | OS Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.20Multitde01 There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution | 9.8 |
| 2022-05-04 | CVE-2022-27903 | OS Command Injection vulnerability in Eve-Ng 2.0.3112/4.0.165 An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files. | 8.8 |
| 2022-05-04 | CVE-2022-28055 | OS Command Injection vulnerability in Fusionpbx Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. | 9.8 |
| 2022-05-04 | CVE-2021-43164 | OS Command Injection vulnerability in Ruijienetworks Reyeeos A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. | 8.8 |
| 2022-05-03 | CVE-2022-1292 | OS Command Injection vulnerability in multiple products The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. | 9.8 |
| 2022-05-03 | CVE-2021-42165 | OS Command Injection vulnerability in Mitrastar Gpt-2541Gnac-N1 Firmware Brg3.5100Vnz0B33 MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path". | 8.8 |