CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2022-37056 CRITICAL
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 - OS Command Injection via cgibin hnap_main
CVSS 9.8
CVE-2022-37057 CRITICAL
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 - OS Command Injection via cgibin
CVSS 9.8
CVE-2022-31499 CRITICAL
Nortek Linear eMerge E3-Series <0.32-08f - Command Injection
CVSS 9.8
CVE-2022-20865 MEDIUM
Cisco FXOS Software - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2022-37810 CRITICAL
Tenda AC1206 V15.03.06.23 - OS Command Injection via mac Parameter in formWriteFacMac
CVSS 9.8
CVE-2022-37083 HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 - OS Command Injection via ip Parameter in setDiagnosisCfg
CVSS 7.8
CVE-2022-37082 HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 - OS Command Injection via NTPSyncWithHost Host Time Parameter
CVSS 7.8
CVE-2022-37081 HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 - OS Command Injection via Traceroute Configuration Command Parameter
CVSS 7.8
CVE-2022-37079 HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 - OS Command Injection via hostName Parameter
CVSS 7.8
CVE-2022-36455 HIGH
TOTOLink A3600R V4.1.2cu.5182_B20201102 - Command Injection
CVSS 7.8
CVE-2022-37076 HIGH
TOTOLINK A7000R V9.1.0u.6115_B20201022 - OS Command Injection via UploadFirmwareFile FileName Parameter
CVSS 7.8
CVE-2022-37070 CRITICAL
H3C GR-1200W Firmware < minigrw1a0v100r006 - OS Command Injection via DelL2tpLNSList Param Parameter
CVSS 9.8
CVE-2022-36510 HIGH
H3C GR2200 MiniGR1A0V100R014 - Command Injection
CVSS 7.8
CVE-2022-36509 HIGH
H3C GR3200 MiniGR1B0V100R014 - Command Injection
CVSS 7.8
CVE-2022-36487 HIGH
TOTOLINK N350RT V9.3.5u.6139_B20201216 - Command Injection
CVSS 7.8
CVE-2022-36486 HIGH
TOTOLINK N350RT V9.3.5u.6139_B20201216 - Command Injection
CVSS 7.8
CVE-2022-36485 HIGH
TOTOLINK N350RT V9.3.5u.6139_B20201216 - Command Injection
CVSS 7.8
CVE-2022-36481 HIGH
TOTOLINK N350RT V9.3.5u.6139_B20201216 - Command Injection
CVSS 7.8
CVE-2022-36479 HIGH
TOTOLINK N350RT V9.3.5u.6139_B20201216 - Command Injection
CVSS 7.8
CVE-2022-36461 HIGH
TOTOLINK A3700R V9.1.2u.6134_B20201202 - Command Injection
CVSS 7.8
CVE-2022-36460 HIGH
TOTOLINK A3700R V9.1.2u.6134_B20201202 - Command Injection
CVSS 7.8
CVE-2022-36459 HIGH
TOTOLINK A3700R V9.1.2u.6134 - Command Injection
CVSS 7.8
CVE-2022-36458 HIGH
TOTOLINK A3700R V9.1.2u.6134_B20201202 - Command Injection
CVSS 7.8
CVE-2022-36456 HIGH
TOTOLink A720R V4.1.5cu.532_B20210610 - Command Injection
CVSS 7.8
CVE-2022-36804 HIGH KEV
Atlassian Bitbucket Server/Data Center <7.6.17/<7.17.10/<7.21.4/<8....
CVSS 8.8