Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-06-07 CVE-2021-35531 OS Command Injection vulnerability in Hitachienergy Txpert HUB Coretec 4 Firmware
An Improper Input Validation vulnerability in a particular configuration setting field of the Hitachi Energy TXpert Hub CoreTec 4 product allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system.
local
low complexity
hitachienergy CWE-78
6.7
2022-06-06 CVE-2022-31479 OS Command Injection vulnerability in multiple products
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process.
network
low complexity
hidglobal carrier CWE-78
critical
9.8
2022-06-06 CVE-2022-31486 OS Command Injection vulnerability in multiple products
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands.
network
low complexity
hidglobal carrier CWE-78
8.8
2022-06-03 CVE-2021-42890 OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function NTPSyncWithHost of the file system.so, which an attacker can exploit by controlling hostTime.
network
low complexity
totolink CWE-78
critical
9.8
2022-06-03 CVE-2021-42888 OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setLanguageCfg of the file global.so, which an attacker can exploit by controlling langType.
network
low complexity
totolink CWE-78
critical
9.8
2022-06-03 CVE-2021-42884 OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDeviceName of the file global.so, which an attacker can exploit by controlling deviceName.
network
low complexity
totolink CWE-78
critical
9.8
2022-06-03 CVE-2021-42885 OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDeviceMac of the file global.so, which an attacker can exploit by controlling deviceName.
network
low complexity
totolink CWE-78
critical
9.8
2022-06-02 CVE-2022-26868 OS Command Injection vulnerability in Dell Powerstoreos
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw.
local
low complexity
dell CWE-78
7.8
2022-06-02 CVE-2021-42875 OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so, which an attacker can exploit by controlling ipDoamin.
network
low complexity
totolink CWE-78
critical
9.8
2022-06-02 CVE-2021-34078 OS Command Injection vulnerability in ADP Lifion-Verify-Dependencies
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name in the scanned project's package.json file.
network
low complexity
adp CWE-78
8.8