CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,011 vulnerabilities with CWE-78
CVE-2022-25171 HIGH
P4 < 0.0.7 - OS Command Injection
CVSS 7.4
CVE-2022-44456 CRITICAL
CONPROSYS HMI System < 3.4.4 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2022-43466 MEDIUM
Buffalo WSR-3200AX4S Firmware < 1.26 - Authenticated OS Command Injection via CGI Program
CVSS 6.8
CVE-2022-43443 HIGH
Buffalo WSR-3200AX4S Firmware < 1.26 - OS Command Injection via Management Page
CVSS 8.8
CVE-2022-26582 HIGH
PAX PayDroid 7.1.1 Virgo V04.3.26T1 - Authenticated OS Command Injection via systool client
CVSS 7.8
CVE-2022-26580 MEDIUM
PAX PayDroid 7.1.1 Virgo V04.3.26T1 - OS Command Injection via ADB Daemon Shell Service
CVSS 6.8
CVE-2022-47210 HIGH
Netgear RAX30 Firmware <= 1.0.9.90 - Command Injection
CVSS 7.8
CVE-2022-47208 HIGH
Netgear Nighthawk AX Series Firmware < 1.0.9.90 - Unauthenticated OS Command Injection via puhttpsniff Service
CVSS 8.8
CVE-2022-46634 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - Command Injection
CVSS 9.8
CVE-2022-46631 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - Command Injection
CVSS 9.8
CVE-2022-24377 HIGH
cycle-import-check <1.3.2 - Command Injection
CVSS 7.4
CVE-2022-42140 HIGH
Delta Electronics DX-2100-L1-CN 2.42 - OS Command Injection via lform/net_diagnose
CVSS 7.2
CVE-2022-42139 HIGH
Delta Electronics DVW-W02W2-E2 1.5.0.10 - Authenticated Command Injection via Crafted URL
CVSS 8.8
CVE-2022-45005 CRITICAL
IP-COM EW9 V15.11.0.14(9732) - OS Command Injection via cmd_get_ping_output
CVSS 9.8
CVE-2022-45996 HIGH
Tenda W20E V16.01.0.6(3392) - OS Command Injection via cmd_get_ping_output
CVSS 7.2
CVE-2022-45977 HIGH
Tenda AX12 V22.03.01.21_CN - OS Command Injection via setMacFilterCfg Function
CVSS 8.8
CVE-2022-45043 HIGH
Tenda AX12 V22.03.01.16_cn - OS Command Injection via fast_setting_internet_set
CVSS 8.8
CVE-2022-37924 HIGH
Aruba EdgeConnect Enterprise < 8.3.7.1 - Authenticated OS Command Injection via CLI
CVSS 7.2
CVE-2022-37912 HIGH
ArubaOS 6.5.4.0-6.5.4.21 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.5 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-37902 HIGH
ArubaOS SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.6 and ArubaOS 6.5.4.0-6.5.4.22 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-37901 HIGH
ArubaOS 6.5.4.0-6.5.4.22 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.6 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-37900 HIGH
ArubaOS 6.5.4.0-6.5.4.22 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.6 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-37899 HIGH
ArubaOS SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.6 and ArubaOS 6.5.4.0-6.5.4.22 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-37898 HIGH
ArubaOS and SD-WAN - Authenticated OS Command Injection via Command Line Interface
CVSS 7.2
CVE-2022-37897 CRITICAL
Aruba SD-WAN 8.7.0.0-2.3.0.5 & ArubaOS 6.5.4.0-6.5.4.21 - RCE via PAPI UDP Port
CVSS 9.8
Details
Vulnerabilities 6,011
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits