CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,985 vulnerabilities with CWE-78
CVE-2023-36642 MEDIUM
FortiTester <7.2.3 - Command Injection
CVSS 6.7
CVE-2023-39780 HIGH KEV
ASUS RT-AX55 3.0.0.4.386.51598 - Authenticated OS Command Injection via QoS Bandwidth Rule List Parameter
CVSS 8.8
CVE-2023-4873 MEDIUM
Byzoro Smart S45F < 20230906 - OS Command Injection via importexport.php
CVSS 6.3
CVE-2023-20193 MEDIUM
Cisco Identity Services Engine < 2.7 - Privilege Escalation & Arbitrary File Manipulation
CVSS 6.0
CVE-2023-39237 HIGH
ASUS RT-AC86U Firmware - Authenticated OS Command Injection via Traffic Analyzer Apps Analysis
CVSS 8.8
CVE-2023-39236 HIGH
ASUS RT-AC86U Firmware - Authenticated OS Command Injection via Traffic Analyzer Statistic Function
CVSS 8.8
CVE-2023-38033 HIGH
ASUS RT-AC86U Firmware - Authenticated OS Command Injection via Traffic Analyzer Legacy Statistic Function
CVSS 8.8
CVE-2023-38032 HIGH
ASUS RT-AC86U Firmware - Authenticated OS Command Injection via AiProtection Function
CVSS 8.8
CVE-2023-38031 HIGH
ASUS RT-AC86U Firmware - Authenticated OS Command Injection via Adaptive QoS Web History
CVSS 8.8
CVE-2023-41149 CRITICAL
F-RevoCRM <7.3.8 - Command Injection
CVSS 9.8
CVE-2023-40531 HIGH
Archer AX6000 <V1_1.3.0 - Command Injection
CVSS 8.0
CVE-2023-40357 HIGH
TP-LINK Archer AX50/A10/AX10/AX11000 Firmware - Authenticated OS Command Injection
CVSS 8.0
CVE-2023-40193 HIGH
TP-Link Deco M4 Firmware < 1.5.8 - Authenticated OS Command Injection
CVSS 8.0
CVE-2023-39935 HIGH
Archer C5400 Firmware < 230506 - Authenticated OS Command Injection
CVSS 8.0
CVE-2023-39224 HIGH
TP-Link Archer C7 Firmware < 230602 - Authenticated OS Command Injection
CVSS 8.0
CVE-2023-38588 HIGH
Archer C3150 <Archer C3150(JP)_V2_230511 - Command Injection
CVSS 8.0
CVE-2023-38568 HIGH
Archer A10 <Archer A10(JP)_V2_230504 - Command Injection
CVSS 8.8
CVE-2023-38563 HIGH
Archer C1200 <V2_230508 & Archer C9 <V3_230508 - Command Injection
CVSS 8.8
CVE-2023-36489 HIGH
TP-Link TL-WR802N, TL-WR841N, and TL-WR902AC - OS Command Injection
CVSS 8.8
CVE-2023-31188 HIGH
TP-LINK Archer C50/C55/C20 Firmware - Authenticated OS Command Injection
CVSS 8.0
CVE-2023-39362 HIGH
Cacti < 1.2.25 - Authenticated Remote Code Execution via SNMP Device Options
CVSS 7.2
CVE-2023-4711 MEDIUM
D-Link DAR-8000-10 Firmware < 20230819 - OS Command Injection via /log/decodmail.php File Parameter
CVSS 5.0
CVE-2023-40582 CRITICAL
find-exec <1.0.3 - Command Injection
CVSS 9.8
CVE-2023-40839 CRITICAL
Tenda AC6 Firmware US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin - OS Command Injection via formSetIptv
CVSS 9.8
CVE-2023-40838 CRITICAL
Tenda AC6 Firmware - OS Command Injection in sub_3A1D0 Function
CVSS 9.8