CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2022-28910 CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 - Command Injection
CVSS 9.8
CVE-2022-28909 CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 - Command Injection
CVSS 9.8
CVE-2022-28908 CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 - Command Injection
CVSS 9.8
CVE-2022-28907 CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 - Command Injection
CVSS 9.8
CVE-2022-28906 CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 - Command Injection
CVSS 9.8
CVE-2022-28905 CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 - Command Injection
CVSS 9.8
CVE-2022-28901 CRITICAL
D-Link DIR882 DIR882A1_FW130B06 - Command Injection
CVSS 9.8
CVE-2022-28896 CRITICAL
D-Link DIR882 DIR882A1_FW130B06 - Command Injection
CVSS 9.8
CVE-2022-28895 CRITICAL
D-Link DIR882 DIR882A1_FW130B06 - Command Injection
CVSS 9.8
CVE-2022-27224 HIGH
Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4 - Authenticated OS Command Injection via Network Tools Input Fields
CVSS 7.2
CVE-2022-28584 CRITICAL
TOTOlink A7100RU <7.4cu.2313_b20191024 - Command Injection
CVSS 9.8
CVE-2022-28583 CRITICAL
TOTOlink A7100RU <7.4cu.2313_b20191024 - Command Injection
CVSS 9.8
CVE-2022-28582 CRITICAL
TOTOlink A7100RU <7.4cu.2313_b20191024 - Command Injection
CVSS 9.8
CVE-2022-28581 CRITICAL
TOTOlink A7100RU <7.4cu.2313_b20191024 - Command Injection
CVSS 9.8
CVE-2022-28580 CRITICAL
TOTOlink A7100RU <7.4cu.2313_b20191024 - Command Injection
CVSS 9.8
CVE-2022-28579 CRITICAL
TOTOlink A7100RU <7.4cu.2313_b20191024 - Command Injection
CVSS 9.8
CVE-2022-28578 CRITICAL
TOTOlink A7100RU <7.4cu.2313_b20191024 - Command Injection
CVSS 9.8
CVE-2022-28577 CRITICAL
TOTOlink A7100RU <7.4cu.2313_b20191024 - Command Injection
CVSS 9.8
CVE-2022-28575 CRITICAL
TOTOlink A7100RU <7.4cu.2313_b20191024 - Command Injection
CVSS 9.8
CVE-2022-29592 CRITICAL
Tenda TX9 Pro 22.03.02.10 - OS Command Injection via set_route Function
CVSS 9.8
CVE-2022-20801 MEDIUM
Cisco RV340, RV340W, RV345, RV345P Firmware < 1.0.03.27 - Authenticated OS Command Injection
CVSS 4.7
CVE-2022-20799 MEDIUM
Cisco RV340 and RV345 Firmware < 1.0.03.27 - Authenticated OS Command Injection
CVSS 4.7
CVE-2022-28557 CRITICAL
Tenda AC15 Firmware - OS Command Injection via /goform/setsambacfg Interface
CVSS 9.8
CVE-2022-27903 HIGH
Eve-NG Professional < 4.0.1-65 and Eve-NG Community < 2.0.3-112 - Authenticated OS Command Injection via UNL File Import
CVSS 8.8
CVE-2022-28055 CRITICAL
FusionPBX < 4.4.0 - OS Command Injection via Email Log Download
CVSS 9.8
Details
Vulnerabilities 6,017
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits