CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2022-1986 CRITICAL
Gogs < 0.12.9 - OS Command Injection
CVSS 9.8
CVE-2022-29013 CRITICAL
Razer Sila Gaming Router <v2.0.441_api-2.0.418 - Command Injection
CVSS 9.8
CVE-2022-1703 HIGH
SonicWall SMA 210/410/500v Firmware < 10.2.1.4-31sv - Authenticated OS Command Injection
CVSS 8.8
CVE-2022-24065 HIGH
cookiecutter <2.1.1 - Command Injection
CVSS 8.1
CVE-2022-31486 HIGH
HID Mercury Intelligent Controllers <1.303-1.297 - Command Injection
CVSS 8.8
CVE-2022-31479 CRITICAL
HID Mercury Intelligent Controllers <1.302-1.296 - Code Injection
CVSS 9.6
CVE-2022-26868 MEDIUM
Dell EMC PowerStore <2.1.0.x - Command Injection
CVSS 6.4
CVE-2022-30425 HIGH
Tenda HG6 3.3.0-210926 - OS Command Injection via pingAddr and traceAddr Parameters
CVSS 8.8
CVE-2022-20797 MEDIUM
Cisco Secure Network Analytics - Command Injection
CVSS 5.5
CVE-2022-29256 MEDIUM
sharp < 0.30.5 - OS Command Injection via PKG_CONFIG_PATH Environment Variable
CVSS 6.5
CVE-2022-29337 CRITICAL
C-DATA FD702XW-X-R430 v2.1.13_X001 - Command Injection
CVSS 9.8
CVE-2022-26532 HIGH
Zyxel USG/ZyWALL series <4.71 - Command Injection
CVSS 7.8
CVE-2022-1813 CRITICAL
rengine < 1.2.0 - OS Command Injection
CVSS 9.8
CVE-2022-31245 HIGH
mailcow <2022-05d - Command Injection
CVSS 8.8
CVE-2022-30105 CRITICAL
Belkin N300 Firmware 1.00.08 - Unauthenticated OS Command Injection via setting_hidden.asp Parameters
CVSS 9.8
CVE-2022-29516 CRITICAL
FUJITSU Network IPCOM EX2 Series < v01l05_nf0501 - OS Command Injection
CVSS 9.8
CVE-2022-1362 MEDIUM
Cambium Networks cnMaestro - OS Command Injection via Package Upload
CVSS 5.0
CVE-2022-1360 HIGH
Cambium Networks cnMaestro - Remote Code Execution
CVSS 8.2
CVE-2022-1359 MEDIUM
Cambium Networks cnMaestro - Arbitrary File Write via Path Traversal in On-Premise Route
CVSS 5.7
CVE-2022-1357 CRITICAL
Cambium Networks cnMaestro - Unauthenticated Remote Code Execution via Logger Command Injection
CVSS 9.8
CVE-2022-1356 HIGH
cnMaestro - Local Privilege Escalation via Sudo Script Execution
CVSS 7.1
CVE-2022-24394 HIGH
Fidelis Network & Deception <9.4.5 - Command Injection
CVSS 8.8
CVE-2022-24393 HIGH
Fidelis Network & Deception <9.4.5 - Command Injection
CVSS 8.8
CVE-2022-24392 HIGH
Fidelis Network & Deception <9.4.5 - Command Injection
CVSS 8.8
CVE-2022-24390 HIGH
Fidelis Network & Deception <9.4.5 - Command Injection
CVSS 8.8