CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2022-33328 CRITICAL
Robustel R1510 3.3.0 - Command Injection
CVSS 9.8
CVE-2022-33327 CRITICAL
Robustel R1510 3.3.0 - Command Injection
CVSS 9.8
CVE-2022-33326 CRITICAL
Robustel R1510 3.3.0 - Command Injection
CVSS 9.8
CVE-2022-33325 CRITICAL
Robustel R1510 3.3.0 - Command Injection
CVSS 9.8
CVE-2022-33314 CRITICAL
Robustel R1510 3.3.0 - Command Injection
CVSS 9.8
CVE-2022-33313 CRITICAL
Robustel R1510 3.3.0 - Command Injection
CVSS 9.8
CVE-2022-33312 CRITICAL
Robustel R1510 3.3.0 - Command Injection
CVSS 9.8
CVE-2022-31885 CRITICAL
Marval MSM v14.19.0.12476 - OS Command Injection via VBScript Handling
CVSS 9.8
CVE-2022-32092 CRITICAL
D-Link DIR-645 Firmware < 1.03 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-28171 HIGH
Hikvision Hybrid SAN/Cluster Storage Firmware < 2.3.8-6 - OS Command Injection
CVSS 7.5
CVE-2022-31767 CRITICAL
IBM CICS TX < 11.1 - Remote Code Execution
CVSS 9.8
CVE-2022-32534 HIGH
Bosch PRA-ES8P2S Firmware < 1.01.05 - OS Command Injection via Diagnostics Web Interface
CVSS 8.8
CVE-2022-2068 HIGH
OpenSSL 1.0.2-1.0.2ze, 1.1.1-1.1.1o, 3.0.0-3.0.3 - OS Command Injection via c_rehash Script
CVSS 7.3
CVE-2022-26147 CRITICAL
Quectel RG502Q-EA - Command Injection
CVSS 9.8
CVE-2022-31795 CRITICAL
Fujitsu ETERNUS CentricStor CS8000 Firmware < 8.1 - Unauthenticated OS Command Injection via grel.php Parameters
CVSS 9.8
CVE-2022-31794 CRITICAL
Fujitsu ETERNUS CentricStor CS8000 < 8.1 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2022-30329 CRITICAL
TRENDnet TEW-831DR 1.0 601.130.1.1356 - Authenticated OS Command Injection
CVSS 9.8
CVE-2022-30023 HIGH
Tenda HG9 Firmware 1.0.1 - OS Command Injection via Ping Function
CVSS 8.8
CVE-2022-33140 HIGH
Apache NiFi < 1.16.2 - Command Injection
CVSS 8.8
CVE-2022-31311 CRITICAL
WAVLINK AERIAL X 1200M M79X3.V5030.180719 - Command Injection
CVSS 9.8
CVE-2022-31446 CRITICAL
Tenda AC18 V15.03.05.19 and V15.03.05.05 - Command Injection via Mac Parameter
CVSS 9.8
CVE-2022-30311 CRITICAL
Festo CECC-X-M1 Firmware < 3.8.14 - Unauthenticated OS Command Injection via cecc-x-refresh-request Endpoint
CVSS 9.8
CVE-2022-30310 CRITICAL
Festo Controller CECC-X-M1 Firmware < 3.8.14 - Unauthenticated OS Command Injection via cecc-x-acknerr-request Endpoint
CVSS 9.8
CVE-2022-30309 CRITICAL
Festo Controller CECC-X-M1 Firmware < 3.8.14 - Unauthenticated OS Command Injection via HTTP Endpoint
CVSS 9.8
CVE-2022-30308 CRITICAL
Festo Controller CECC-X-M1 Firmware < 3.8.14 - Unauthenticated OS Command Injection via HTTP Endpoint
CVSS 9.8