CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,006 vulnerabilities with CWE-78
CVE-2022-38841 HIGH
Linksys AX3200 1.1.00 - Command Injection
CVSS 8.8
CVE-2022-43948 MEDIUM
Fortinet FortiWeb <7.0.4 - Command Injection
CVSS 6.7
CVE-2022-40679 HIGH
FortiADC 5.x-7.1.0, FortiDDoS 4.x-5.6.x, FortiDDoS-F 6.1.0-6.4.0 - OS Command Injection
CVSS 7.8
CVE-2022-43647 HIGH
D-Link DIR-825 1.0.9/EE - Unauthenticated Code Execution via xupnpd Service
CVSS 8.8
CVE-2022-43646 HIGH
D-Link DIR-825 1.0.9/EE - Unauthenticated Code Execution via xupnpd Vimeo Plugin
CVSS 8.8
CVE-2022-43645 HIGH
D-Link DIR-825 1.0.9/EE - Unauthenticated Code Execution via xupnpd IVI Plugin
CVSS 8.8
CVE-2022-43644 HIGH
D-Link DIR-825 1.0.9/EE - Unauthenticated Code Execution via xupnpd Dreambox Plugin
CVSS 8.8
CVE-2022-43643 HIGH
D-Link DIR-825 1.0.9/EE - Unauthenticated Code Execution via xupnpd Generic Plugin
CVSS 8.8
CVE-2022-43642 HIGH
D-Link DIR-825 1.0.9/EE - Unauthenticated Code Execution via xupnpd YouTube Plugin
CVSS 8.8
CVE-2022-43633 MEDIUM
D-Link DIR-1935 < 1.03 - Authenticated OS Command Injection via SetSysLogSettings IPAddress Parameter
CVSS 6.8
CVE-2022-43632 MEDIUM
D-Link DIR-1935 < 1.03 - Unauthenticated Remote Code Execution via SetQoSSettings Request
CVSS 6.8
CVE-2022-43631 MEDIUM
D-Link DIR-1935 < 1.03 - Authenticated OS Command Injection via SetVirtualServerSettings Request
CVSS 6.8
CVE-2022-43629 MEDIUM
D-Link DIR-1935 < 1.03 - Unauthenticated Remote Code Execution via SetSysEmailSettings Request
CVSS 6.8
CVE-2022-43628 MEDIUM
D-Link DIR-1935 < 1.03 - Authenticated OS Command Injection via SetIPv6FirewallSettings Request
CVSS 6.8
CVE-2022-43627 MEDIUM
D-Link DIR-1935 < 1.03 - Unauthenticated OS Command Injection via SetStaticRouteIPv4Settings
CVSS 6.8
CVE-2022-43626 MEDIUM
D-Link DIR-1935 < 1.03 - Authenticated OS Command Injection via SetIPv4FirewallSettings Request
CVSS 6.8
CVE-2022-43624 MEDIUM
D-Link DIR-1935 < 1.03 - Authenticated OS Command Injection via SetStaticRouteIPv6Settings
CVSS 6.8
CVE-2022-42433 HIGH
TP-Link TL-WR841N Firmware < 220914 - Authenticated OS Command Injection via ated_tp Service
CVSS 8.0
CVE-2022-3210 HIGH
D-Link DIR-2150 4.0.1 - Code Injection
CVSS 8.8
CVE-2022-27647 HIGH
NETGEAR Multiple Router Firmware - Unauthenticated OS Command Injection via libreadycloud.so Name/Email Field
CVSS 8.0
CVE-2022-28495 CRITICAL
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 - Command Injection
CVSS 9.8
CVE-2022-28491 CRITICAL
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 - Command Injection
CVSS 9.8
CVE-2022-28494 CRITICAL
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 - Command Injection
CVSS 9.8
CVE-2022-37337 CRITICAL
Netgear Orbi Router RBR750 4.6.8.5 - Authenticated OS Command Injection
CVSS 9.1
CVE-2022-39951 HIGH
FortiWeb 6.3.6-6.3.20 and 7.0.0-7.0.2 - OS Command Injection via Crafted HTTP Requests
CVSS 7.2