CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,978 vulnerabilities with CWE-78
CVE-2023-44279 MEDIUM
Dell PowerProtect DD < 7.13.0.10 - Authenticated OS Command Injection via Administrator CLI
CVSS 6.7
CVE-2023-44277 HIGH
Dell PowerProtect DD < 7.13.0.10 - OS Command Injection via CLI
CVSS 7.8
CVE-2023-6795 MEDIUM
PAN-OS 8.1.0-8.1.23 - Authenticated OS Command Injection
CVSS 5.5
CVE-2023-6792 MEDIUM
PAN-OS 8.1.0-8.1.23 - Authenticated OS Command Injection via XML API
CVSS 5.5
CVE-2023-42495 CRITICAL
Dasan Networks W-Web 1.22-1.27 - OS Command Injection
CVSS 9.8
CVE-2023-48782 HIGH
Fortinet FortiWLM <8.6.5 - Command Injection
CVSS 8.8
CVE-2023-40716 MEDIUM
FortiTester <7.2.3 - Command Injection
CVSS 6.7
CVE-2023-46454 CRITICAL
GL.iNET GL-AR300M <4.3.7 - Command Injection
CVSS 9.8
CVE-2023-49692 HIGH
Siemens SCALANCE and RUGGEDCOM Firmware < 7.2.2 - Authenticated OS Command Injection via IPSEC Configuration
CVSS 7.2
CVE-2023-49691 HIGH
Siemens SCALANCE and RUGGEDCOM < 8.0 - OS Command Injection via DDNS Configuration
CVSS 7.2
CVE-2023-48428 HIGH
SINEC INS < V1.0 SP2 Update 2 - Authenticated Denial of Service and OS Command Injection via Radius Certificate Upload
CVSS 7.2
CVE-2023-49695 MEDIUM
ELECOM WRC-X3000GSN 1.0.2, WRC-X3000GS < 1.0.24, WRC-X3000GSA < 1.0.24 - Authenticated OS Command Injection
CVSS 6.8
CVE-2023-47254 CRITICAL
DrayTek Vigor167 5.2.2 - Authenticated OS Command Injection via CLI Interface
CVSS 9.8
CVE-2023-6612 MEDIUM
Totolink X5000R 9.1.0cu.2300_B20230112 - Info Disclosure
CVSS 5.5
CVE-2023-47565 HIGH KEV
QVR Firmware 4.0.0-4.x - Authenticated OS Command Injection
CVSS 8.0
CVE-2023-46157 HIGH
MGT CloudPanel <2.3.2 - Command Injection
CVSS 8.8
CVE-2023-43744 HIGH
Zultys MX-SE <17.0.10.17161 & 16.04.16109 - Command Injection
CVSS 7.2
CVE-2023-49897 HIGH KEV
FXC AE1021 and AE1021PE Firmware < 2.0.10 - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-44221 HIGH KEV
SonicWall SMA 200/210/400/410/500v Firmware < 10.2.1.9-57sv - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-6357 HIGH
File System Libraries - Command Injection
CVSS 8.8
CVE-2023-24046 MEDIUM
Connectize AC21000 G6 - Command Injection
CVSS 6.8
CVE-2023-48800 CRITICAL
TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-44304 HIGH
Dell DM5500 Firmware < 5.14.0.0 - Privilege Escalation via Restricted Shell Escape
CVSS 8.8
CVE-2023-44291 HIGH
Dell PowerProtect Data Manager DM5500 Firmware < 5.14.0.0 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-48842 CRITICAL
D-Link Go-RT-AC750 - Command Injection
CVSS 9.8