CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,006 vulnerabilities with CWE-78
CVE-2023-38025 CRITICAL
SpotCam FHD 2 Firmware < 1.0039 - Unauthenticated OS Command Injection via Hidden Telnet Function
CVSS 9.8
CVE-2023-4542 MEDIUM
D-Link DAR-8000-10 <20230809 - Code Injection
CVSS 6.3
CVE-2023-37249 HIGH
Infoblox NIOS < 8.5.2 - OS Command Injection
CVSS 8.8
CVE-2023-40144 HIGH
CBC Firmware - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-4412 MEDIUM
TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 - OS Command Injection via setWanCfg Function
CVSS 6.3
CVE-2023-4411 MEDIUM
TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 - OS Command Injection via setTracerouteCfg
CVSS 6.3
CVE-2023-4410 MEDIUM
TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 - OS Command Injection via setDiagnosisCfg
CVSS 6.3
CVE-2023-40072 HIGH
ELECOM WAB-S600-PS and WAB-S300 Firmware - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-40069 CRITICAL
ELECOM Wireless LAN Routers - OS Command Injection
CVSS 9.8
CVE-2023-39944 HIGH
ELECOM WRC-F1167ACF and WRC-1750GHBK Firmware - OS Command Injection
CVSS 8.8
CVE-2023-39455 HIGH
ELECOM Wireless LAN Routers - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-39416 HIGH
Proself <=5.61/1.62/1.07 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-34215 HIGH
Moxa TN-5900 Firmware < 3.3 - OS Command Injection via Certification-Generation Function
CVSS 7.2
CVE-2023-34214 HIGH
Moxa TN-4900 and TN-5900 Firmware - OS Command Injection via Certificate Generation Function
CVSS 7.2
CVE-2023-34213 HIGH
Moxa TN-5900 Firmware < 3.3 - OS Command Injection via Key-Generation Function
CVSS 8.8
CVE-2023-33239 HIGH
TN-4900/TN-5900 <1.2.4/<3.3 - Command Injection
CVSS 8.8
CVE-2023-33238 HIGH
TN-4900/TN-5900 <1.2.4/<3.3 - Command Injection
CVSS 7.2
CVE-2023-35893 CRITICAL
IBM Security Guardium <11.5 - Command Injection
CVSS 9.9
CVE-2023-20017 MEDIUM
Cisco Intersight Private Virtual Appliance - RCE
CVSS 6.5
CVE-2023-20013 MEDIUM
Cisco Intersight Private Virtual Appliance - RCE
CVSS 6.5
CVE-2023-33013 HIGH
Zyxel NBG6604 Firmware V1.01(ABIR.1)C0 - Authenticated OS Command Injection via NTP Feature
CVSS 8.8
CVE-2023-3267 CRITICAL
CyberPower PowerPanel Server < 2.6.9 - Authenticated OS Command Injection via Remote Backup Username Field
CVSS 9.1
CVE-2023-3261 HIGH
CyberPower PowerPanel Server < 2.6.9 - OS Command Injection
CVSS 7.5
CVE-2023-3260 HIGH
CyberPower PowerPanel Server < 2.6.9 - OS Command Injection
CVSS 7.2
CVE-2023-40253 MEDIUM
Genian NAC 4.0.0-4.0.155, 5.0.0-5.0.42; Suite 5.0.0-5.0.54; ZTNA 6.0.0-6.0.15 - Auth Abuse
CVSS 6.0