CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,011 vulnerabilities with CWE-78
CVE-2022-25916
HIGH
mt7688-wiscan < 0.8.3 - OS Command Injection via wiscan.scan Function
CVSS 7.4
CVE-2022-25906
HIGH
is-http2 - OS Command Injection via isH2 Function
CVSS 7.4
CVE-2022-21129
HIGH
nemo-appium < 0.0.9 - OS Command Injection via Improper Input Sanitization in module.exports.setup
CVSS 7.4
CVE-2022-42484
CRITICAL
FreshTomato 2022.5 - OS Command Injection via httpd logs/view.cgi
CVSS 9.8
CVE-2022-48108
CRITICAL
D-Link DIR_878_FW1.30B08 - OS Command Injection via SubnetMask Parameter
CVSS 9.8
CVE-2022-48107
CRITICAL
D-Link DIR_878_FW1.30B08 - OS Command Injection via IPAddress Parameter
CVSS 9.8
CVE-2022-48072
HIGH
Phicomm K2G v22.6.3.20 - OS Command Injection via autoUpTime Parameter
CVSS 7.8
CVE-2022-48070
HIGH
Phicomm K2 Firmware v22.6.534.263 - OS Command Injection via autoUpTime Parameter
CVSS 7.8
CVE-2022-48069
HIGH
Totolink A830R V4.1.2cu.5182 - OS Command Injection via QUERY_STRING Parameter
CVSS 7.5
CVE-2022-42493
CRITICAL
Siretta QUARTZ-GOLD Firmware G5.0.1.5-210720-141020 - OS Command Injection via m2m DOWNLOAD_INFO Command
CVSS 9.8
CVE-2022-42492
CRITICAL
Siretta QUARTZ-GOLD Firmware G5.0.1.5-210720-141020 - OS Command Injection via m2m DOWNLOAD_AD Command
CVSS 9.8
CVE-2022-42491
CRITICAL
Siretta QUARTZ-GOLD Firmware G5.0.1.5-210720-141020 - OS Command Injection via M2M_CONFIG_SET Command
CVSS 9.8
CVE-2022-42490
CRITICAL
Siretta QUARTZ-GOLD Firmware G5.0.1.5-210720-141020 - OS Command Injection via m2m DOWNLOAD_CFG_FILE Command
CVSS 9.8
CVE-2022-40969
HIGH
Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 - Command Injection
CVSS 8.8
CVE-2022-40222
CRITICAL
Siretta QUARTZ-GOLD Firmware G5.0.1.5-210720-141020 - OS Command Injection via m2m DELETE_FILE Command
CVSS 9.8
CVE-2022-40220
HIGH
Siretta QUARTZ-GOLD Firmware G5.0.1.5-210720-141020 - OS Command Injection via httpd txt/restore.cgi
CVSS 8.8
CVE-2022-38066
HIGH
Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 - Command Injection
CVSS 8.8
CVE-2022-29843
MEDIUM
Western Digital My Cloud OS 5 - OS Command Injection via DDNS Service Configuration
CVSS 6.2
CVE-2022-25962
HIGH
vagrant.js - OS Command Injection via boxAdd Function
CVSS 7.4
CVE-2022-25908
HIGH
create-choo-electron - OS Command Injection via devInstall Function
CVSS 7.4
CVE-2022-25860
HIGH
simple-git < 3.16.0 - Remote Code Execution via Git Command Methods
CVSS 8.1
CVE-2022-25350
HIGH
puppet-facter - OS Command Injection via getFact Function
CVSS 7.4
CVE-2022-21810
HIGH
smartctl - OS Command Injection via Info Method
CVSS 7.4
CVE-2022-40720
HIGH
D-Link DIR-2150 Firmware < 4.0.1 - Unauthenticated OS Command Injection via Dreambox Plugin
CVSS 8.8
CVE-2022-40719
HIGH
D-Link DIR-2150 Firmware < 4.0.1 - Unauthenticated OS Command Injection via xupnpd_generic.lua feed Parameter
CVSS 8.8
Details
Vulnerabilities: 6,011
Exploit Likelihood: High