High
CVE-2022-34753
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affecte…
Tag: Command Injection
All CVEs associated with "Command Injection". Page 34/48 • 5730 CVEs.
Subscribe CVEs: RSS for “Command Injection” · RSS (High+Critical only)
About “Command Injection”
A curated feed of “Command Injection”-related CVEs appears below. We currently track 5730 CVEs for this tag (all time). In the last 365 days, 1683 were published. Average CVSS is 8.2 (all time; 7.8 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').
In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2022-07-13
2022-07-12
Medium
CVE-2022-22997
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud H…
High
CVE-2021-36667
Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.…
High
CVE-2022-29560
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500…
2022-07-07
Critical
CVE-2022-34592
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a craf…
Critical
CVE-2022-32449
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted M…
High
CVE-2022-25048
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.
2022-07-06
Critical
CVE-2022-34597
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.
Critical
CVE-2022-34596
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.
Critical
CVE-2022-34595
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.
High
CVE-2022-28935
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, T…
2022-07-05
Medium
CVE-2022-31014
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backe…
2022-07-04
High
CVE-2022-33948
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the produ…
2022-07-01
High
CVE-2022-25900
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.
2022-06-30
Critical
CVE-2014-0156
Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, at…
Critical
CVE-2022-33329
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution.…
Critical
CVE-2022-33328
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution.…
Critical
CVE-2022-33327
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution.…
Critical
CVE-2022-33326
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution.…
Critical
CVE-2022-33325
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution.…
Critical
CVE-2022-33314
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command executio…
Critical
CVE-2022-33313
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command executio…
Critical
CVE-2022-33312
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command executio…
2022-06-28
Critical
CVE-2022-31885
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
2022-06-27
Critical
CVE-2022-32092
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.
2022-06-23
High
CVE-2022-32534
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell co…
2022-06-21
High
CVE-2022-2068
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command inj…
Critical
CVE-2022-26147
The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection.
2022-06-17
Critical
CVE-2022-31874
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
2022-06-16
High
CVE-2022-30023
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.
2022-06-15
High
CVE-2022-33140
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operati…
2022-06-14
High
CVE-2022-32262
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker…
2022-06-13
Critical
CVE-2022-30311
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of…
Critical
CVE-2022-30310
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of…
Critical
CVE-2022-30309
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execut…
Critical
CVE-2022-30308
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized executi…
2022-06-11
High
CVE-2021-41738
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.
2022-06-10
High
CVE-2022-24376
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package…
2022-06-09
Critical
CVE-2022-1986
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
Critical
CVE-2022-29013
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
2022-06-08
High
CVE-2022-24065
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed…
2022-06-07
High
CVE-2020-36529
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to pri…
2022-06-03
Critical
CVE-2021-42890
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.
Critical
CVE-2021-42888
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.
Critical
CVE-2021-42885
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.
Critical
CVE-2021-42884
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.
2022-06-02
Medium
CVE-2022-26868
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution…
Critical
CVE-2021-42875
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.
High
CVE-2022-30425
Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST req…
Critical
CVE-2022-29712
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
High
CVE-2021-44080
A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the conne…
Critical
CVE-2021-42872
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.
Critical
CVE-2021-34084
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.
Critical
CVE-2021-34082
OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix fun…
High
CVE-2021-34081
OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.
Critical
CVE-2021-34080
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the…
Critical
CVE-2021-34079
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml f…
High
CVE-2021-34078
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file.
2022-05-25
High
CVE-2022-30321
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
2022-05-24
Critical
CVE-2022-29337
C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary comman…
2022-05-22
Critical
CVE-2022-1813
OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.
2022-05-20
Critical
CVE-2022-28618
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could…
High
CVE-2022-29184
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configura…
Critical
CVE-2021-34111
Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.
2022-05-18
Critical
CVE-2022-30105
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. Th…
High
CVE-2021-42852
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to…
High
CVE-2022-29639
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config.
2022-05-17
High
CVE-2022-24394
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulne…
High
CVE-2022-24393
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vuln…
High
CVE-2022-24392
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerabili…
High
CVE-2022-23673
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has…
High
CVE-2022-23672
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has…
2022-05-16
High
CVE-2022-23667
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has…
Critical
CVE-2022-23666
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has…
Critical
CVE-2022-23665
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has…
Critical
CVE-2022-23664
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has…
Critical
CVE-2022-23663
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has…
Critical
CVE-2022-23662
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has…
Critical
CVE-2022-23661
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has…
2022-05-13
High
CVE-2022-25865
The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) functio…
High
CVE-2021-42969
Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the termi…
2022-05-12
High
CVE-2022-26518
An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code…
High
CVE-2022-26420
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code…
High
CVE-2022-26085
An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An…
High
CVE-2022-26075
An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code…
High
CVE-2022-26042
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution.…
High
CVE-2022-26007
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker…
Critical
CVE-2022-29307
IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php.
Critical
CVE-2022-29303
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
Critical
CVE-2022-29539
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validati…
Critical
CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 fi…
2022-05-10
Critical
CVE-2022-28915
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.
Critical
CVE-2022-28913
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.
Critical
CVE-2022-28912
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.
Critical
CVE-2022-28911
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.
Critical
CVE-2022-28910
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.
Critical
CVE-2022-28909
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.
Critical
CVE-2022-28908
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.
Critical
CVE-2022-28907
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.
Critical
CVE-2022-28906
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.
Critical
CVE-2022-28905
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.
Critical
CVE-2022-28901
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
Critical
CVE-2022-28896
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
Critical
CVE-2022-28895
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
2022-05-09
High
CVE-2022-27224
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools sect…
High
CVE-2022-23332
Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrar…
2022-05-05
Critical
CVE-2022-27411
TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function.
Critical
CVE-2022-28584
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands…
Critical
CVE-2022-28583
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands t…
Critical
CVE-2022-28582
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary command…
Critical
CVE-2022-28581
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary comma…
Critical
CVE-2022-28580
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary command…
Critical
CVE-2022-28579
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary command…
Critical
CVE-2022-28578
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands t…
Critical
CVE-2022-28577
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary command…
Critical
CVE-2022-28575
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary comman…
Critical
CVE-2022-29592
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).
High
CVE-2022-27806
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appli…
High
CVE-2021-44051
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We hav…
Critical
CVE-2021-41739
A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp.