CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,978 vulnerabilities with CWE-78
CVE-2023-48812 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - RCE
CVSS 9.8
CVE-2023-48811 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - RCE
CVSS 9.8
CVE-2023-48810 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-48808 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-48807 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-48806 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - RCE
CVSS 9.8
CVE-2023-48805 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-48804 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-48803 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-48802 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-4474 CRITICAL
Zyxel NAS326/NAS542 < 5.21(AAZF.14)C0/5.21(ABAG.11)C0 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2023-4473 CRITICAL
Zyxel NAS326/NAS542 < 5.21(AAZF.14)C0/5.21(ABAG.11)C0 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2023-37928 HIGH
Zyxel NAS326/NAS542 <5.21(AAZF.14)C0/<5.21(ABAG.11)C0 Authenticated OS Command Injection
CVSS 8.8
CVE-2023-37927 HIGH
Zyxel NAS326/NAS542 < 5.21(AAZF.14)C0/< 5.21(ABAG.11)C0 Authenticated OS Command Injection
CVSS 8.8
CVE-2023-35138 CRITICAL
Zyxel NAS326 & NAS542 < 5.21(aazf.14)c0 & < 5.21(abag.11)c0 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2023-3741 CRITICAL
NEC DT900 and DT900S Series - OS Command Injection
CVSS 9.8
CVE-2023-23325 CRITICAL
Zumtobel Netlink CCD Firmware 3.74-3.80 - OS Command Injection via NetHostname Parameter
CVSS 9.8
CVE-2023-6201 HIGH
Univera Computer System Panorama <8.0 - Command Injection
CVSS 8.8
CVE-2023-4222 HIGH
Chamilo LMS <= 1.11.24 - Command Injection
CVSS 7.2
CVE-2023-4221 HIGH
Chamilo LMS <= 1.11.24 - Command Injection
CVSS 7.2
CVE-2023-3368 CRITICAL
Chamilo LMS <= 1.11.20 - Command Injection
CVSS 9.8
CVE-2023-6309 MEDIUM
moses-smt mosesdecoder <4.0 - Code Injection
CVSS 5.5
CVE-2023-6304 HIGH
Tecno 4G Portable WiFi TR118 - Code Injection
CVSS 7.2
CVE-2023-4149 CRITICAL
WAGO 0852-0602/0852-0603/0852-1605 Firmware - Unauthenticated OS Command Injection via Web Management Request Handling
CVSS 9.8
CVE-2023-35762 CRITICAL
INEA ME RTU Firmware < 3.37 - OS Command Injection
CVSS 9.9