CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2022-37860 CRITICAL
TP-Link M7350 V3 Firmware 190531 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2022-3133 HIGH
drawio < 20.3.0 - OS Command Injection
CVSS 7.8
CVE-2022-29061 HIGH
Fortinet FortiSOAR <7.2.1 - Command Injection
CVSS 7.2
CVE-2022-30079 HIGH
Netgear R6200 v2 - Authenticated OS Command Injection via acos_service Binary
CVSS 8.8
CVE-2022-38094 HIGH
CentreCOM AR260S <Ver.3.3.7 - Command Injection
CVSS 8.8
CVE-2022-35273 HIGH
CentreCOM AR260S Firmware < 3.3.7 - Authenticated OS Command Injection via GUI Setting Page
CVSS 8.8
CVE-2022-33941 CRITICAL
Alfasado Inc. PowerCMS <6.021, <5.21, <4.51 - Command Injection
CVSS 9.8
CVE-2022-38531 HIGH
FPT G-97RG6M and G-97RG3 - Remote Command Execution via Ping Function
CVSS 8.8
CVE-2022-30078 HIGH
NETGEAR R6200/R6300 Firmware <1.0.3.12/1.0.4.52 Authenticated OS Command Injection
CVSS 8.8
CVE-2022-23683 HIGH
AOS-CX <=10.10.0002 Authenticated OS Command Injection via NAE Scripts
CVSS 7.2
CVE-2022-23682 HIGH
ArubaOS-CX 10.06.0000-10.06.0180, 10.08.xxxx<=10.08.1030, 10.09.xxxx<=10.09.1030 - Authenticated OS Command Injection
CVSS 7.8
CVE-2022-23681 HIGH
ArubaOS-CX 10.06.0000-10.06.0180, 10.08.xxxx<=10.08.1030, 10.09.xxxx<=10.09.1030 - Authenticated OS Command Injection
CVSS 7.8
CVE-2022-34883 HIGH
Hitachi RAID Manager Storage Replication Adapter 02.01.04-02.03.02 & 02.05.00-02.05.01 - OS Command Injection
CVSS 7.2
CVE-2022-31814 CRITICAL
pfBlockerNG < 2.1.4_26 - Remote Code Execution via HTTP Host Header
CVSS 9.8
CVE-2022-3008 HIGH
tinygltf <2.6.0 - Command Injection
CVSS 8.1
CVE-2022-37130 CRITICAL
D-Link DIR-816 A2_v1.10CNB04 and DIR-878 DIR_878_FW1.30B08 - OS Command Injection via Diagnosis Endpoint
CVSS 9.8
CVE-2022-37129 HIGH
D-Link DIR-816 A2_v1.10CNB04 - OS Command Injection via SystemCommand Endpoint
CVSS 8.8
CVE-2022-37123 HIGH
D-Link DIR-816 Firmware - OS Command Injection via form2userconfig.cgi
CVSS 8.8
CVE-2022-34383 HIGH
Dell Edge Gateway 5200 Firmware < 1.03.10 - OS Command Injection via SMI Bypass
CVSS 8.1
CVE-2022-36566 CRITICAL
yogeshojha rengine 1.3.0 - OS Command Injection via Scan Engine Function
CVSS 9.8
CVE-2022-36749 CRITICAL
sourcefabric rpi-jukebox-rfid 2.3.0 - OS Command Injection via Uploaded File Name
CVSS 9.8
CVE-2022-34374 HIGH
Dell Container Storage Modules < 1.3.0 - Authenticated OS Command Injection in goiscsi and gobrick Libraries
CVSS 8.8
CVE-2022-31232 HIGH
SmartFabric storage software <1.0.0 - Command Injection
CVSS 8.6
CVE-2022-37149 CRITICAL
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 - OS Command Injection via Username Parameter
CVSS 9.8
CVE-2022-38511 HIGH
TOTOLINK A810R V5.9c.4050_B20190424 - Command Injection
CVSS 7.8