CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,006 vulnerabilities with CWE-78
CVE-2023-37903 CRITICAL
Vm2 < 3.9.19 - OS Command Injection
CVSS 9.8
CVE-2023-37292 CRITICAL
HGiga iSherlock 4.5-5.5 - OS Command Injection in iSherlock-user Modules
CVSS 9.8
CVE-2023-37477 HIGH
1Panel < 1.4.3 - Authenticated OS Command Injection via Firewall IP Endpoint
CVSS 7.2
CVE-2023-36670 CRITICAL
Kratos NGC-IDU 9.1.0.4 - Command Injection
CVSS 9.8
CVE-2023-34141 HIGH
Zyxel ATP/NXC series - Command Injection
CVSS 8.0
CVE-2023-34139 HIGH
Zyxel USG FLEX/VPN <5.36 - Command Injection
CVSS 8.8
CVE-2023-34138 HIGH
Zyxel ATP/FLEX/USG20/VPN <5.36 - Command Injection
CVSS 8.0
CVE-2023-33012 HIGH
Zyxel USG/ATP/VPN Firmware 5.00-5.36 Patch 2 - Unauthenticated OS Command Injection via GRE Configuration
CVSS 8.8
CVE-2023-28767 HIGH
Zyxel ATP/USG FLEX/USG20(W)-VPN/VPN <5.36 - Command Injection
CVSS 8.8
CVE-2023-38378 CRITICAL
RIGOL MSO5000 <00.01.03.00.03 - RCE
CVSS 9.8
CVE-2023-37564 HIGH
ELECOM WRC-1167 Series Firmware - Authenticated OS Command Injection
CVSS 8.0
CVE-2023-34127 HIGH
SonicWall GMS <9.3.2-SP1, Analytics <2.5.0.4-R7 - Command Injection
CVSS 8.8
CVE-2023-34116 HIGH
Zoom Desktop Client <5.15.0 - Privilege Escalation
CVSS 8.2
CVE-2023-23777 HIGH
FortiWeb <=7.0.1, 6.4, <=6.3.18 - Authenticated OS Command Injection via CLI Backup
CVSS 7.2
CVE-2023-36922 CRITICAL
SAP ECC/S/4HANA - Command Injection
CVSS 9.1
CVE-2023-3608 MEDIUM
Ruijie BCR810W 2.5.10 - Code Injection
CVSS 4.7
CVE-2023-3607 MEDIUM
kodbox 1.26 - OS Command Injection via WebConsole Plug-In Execute Function
CVSS 5.5
CVE-2023-3606 MEDIUM
TamronOS <20230703 - Command Injection
CVSS 6.3
CVE-2023-37173 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setTracerouteCfg Command Parameter
CVSS 9.8
CVE-2023-37172 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setDiagnosisCfg ip Parameter
CVSS 9.8
CVE-2023-37171 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via admuser Parameter
CVSS 9.8
CVE-2023-37170 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - Unauthenticated Remote Code Execution via Lang Parameter in setLanguageCfg
CVSS 9.8
CVE-2023-25583 HIGH
Milesight UR32L v32.3.0.5 - OS Command Injection via Zebra VLAN Name Configuration
CVSS 7.2
CVE-2023-25582 HIGH
Milesight UR32L v32.3.0.5 - OS Command Injection via Zebra VLAN Name Functionality
CVSS 7.2
CVE-2023-24595 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 7.2
Details
Vulnerabilities: 6,006
Exploit Likelihood: High