CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,946 vulnerabilities with CWE-78
CVE-2026-0711 MEDIUM
Zyxel DX3300-T0 firmware <= 5.50(ABVY.7.1)C0 - Authenticated OS Command Injection via EasyMesh API
CVSS 6.8
CVE-2026-7204 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection
CVSS 9.8
CVE-2026-7203 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection
CVSS 9.8
CVE-2026-7202 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection
CVSS 9.8
CVE-2026-32649 MEDIUM
Milesight Cameras OS Command Injection
CVSS 6.8
CVE-2026-7156 CRITICAL
Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection
CVSS 9.8
CVE-2026-7155 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setLoginPasswordCfg os command injection
CVSS 9.8
CVE-2026-7154 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
CVSS 9.8
CVE-2026-7153 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
CVSS 9.8
CVE-2026-7152 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setTelnetCfg os command injection
CVSS 9.8
CVE-2026-7140 CRITICAL
Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection
CVSS 9.8
CVE-2026-7139 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection
CVSS 9.8
CVE-2026-7138 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setNtpCfg os command injection
CVSS 9.8
CVE-2026-7137 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setStorageCfg os command injection
CVSS 9.8
CVE-2026-7136 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setDmzCfg os command injection
CVSS 9.8
CVE-2026-7125 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
CVSS 9.8
CVE-2026-7124 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setIpv6LanCfg os command injection
CVSS 9.8
CVE-2026-7123 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setIptvCfg os command injection
CVSS 9.8
CVE-2026-7122 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setUPnPCfg os command injection
CVSS 9.8
CVE-2026-7121 CRITICAL
Totolink A8000RU CGI cstecgi.cgi setWizardCfg os command injection
CVSS 9.8
CVE-2026-7119 HIGH
Tenda HG3 formCountrystr os command injection
CVSS 8.8
CVE-2026-7096 HIGH
Tenda HG3 formgponConf os command injection
CVSS 8.8
CVE-2026-7066 HIGH
choieastsea simple-openstack-mcp server.py exec_openstack os command injection
CVSS 7.3
CVE-2026-33277 HIGH
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) LogonTracer prior to v2.0.0 - Command Injection
CVSS 8.8
CVE-2026-7064 HIGH
AgentDeskAI browser-tools-mcp browser-connector.ts os command injection
CVSS 7.3