CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2022-1292 HIGH
Siemens Brownfield Connectivity Gateway < 2.15 - OS Command Injection
CVSS 7.3
CVE-2022-28573 CRITICAL
D-Link DIR-823-Pro v1.0.2 - Command Injection
CVSS 9.8
CVE-2022-28572 HIGH
Tenda AX1806 v1.0.0.1 - Command Injection
CVSS 8.8
CVE-2022-28571 CRITICAL
D-Link 882 DIR882A1_FW130B06 - Command Injection
CVSS 9.8
CVE-2022-29937 HIGH
USU Oracle Optimization < 5.17.5 - Authenticated OS Command Injection via Base64 Decoding
CVSS 8.8
CVE-2022-1440 CRITICAL
git-interface < 2.1.2 - OS Command Injection via --upload-pack Argument
CVSS 9.8
CVE-2022-28810 MEDIUM KEV
ManageEngine ADSelfService Plus Custom Script Execution
CVSS 6.8
CVE-2022-20718 MEDIUM
Cisco IOS XE IOx - Command Injection, Code Execution, Install Bypass, and XSS
CVSS 5.5
CVE-2022-20693 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via Web UI API
CVSS 4.7
CVE-2022-27188 HIGH
Yokogawa CENTUM VP and B/M9000 VP - OS Command Injection via Graphic Builder File Alteration
CVSS 7.8
CVE-2022-29080 CRITICAL
npm-dependency-versions <0.3.0 - Command Injection
CVSS 9.8
CVE-2022-1262 HIGH
D-Link DIR Series Firmware - Authenticated OS Command Injection via Protest Binary
CVSS 7.8
CVE-2022-0999 HIGH
mySCADA myPRO <= 8.25.0 - Authenticated OS Command Injection
CVSS 8.8
CVE-2022-26413 HIGH
Zyxel VMG3312-T20A <5.30(ABFX.5)C0 - Command Injection
CVSS 8.0
CVE-2022-27276 CRITICAL
InHand Networks InRouter 900 Firmware < 1.0.0.r11700 - Remote Code Execution via sub_10F2C Function
CVSS 9.8
CVE-2022-27275 CRITICAL
InRouter 900 Firmware < 1.0.0.r11700 - Remote Code Execution via Crafted Packet
CVSS 9.8
CVE-2022-27274 CRITICAL
InHand Networks InRouter 900 Firmware < 1.0.0.r11700 - Remote Code Execution via sub_12028 Function
CVSS 9.8
CVE-2022-27273 CRITICAL
InHand Networks InRouter 900 Firmware < 1.0.0.r11700 - Remote Code Execution via sub_12168 Function
CVSS 9.8
CVE-2022-27272 CRITICAL
InRouter 900 Firmware < 1.0.0.r11700 - Remote Code Execution via sub_1791C Function
CVSS 9.8
CVE-2022-27271 CRITICAL
InHand Networks InRouter 900 Firmware < 1.0.0.r11700 - Remote Code Execution via python-lib
CVSS 9.8
CVE-2022-27270 CRITICAL
InHand Networks InRouter 900 Firmware < 1.0.0.r11700 - Remote Code Execution via ipsec_secrets Component
CVSS 9.8
CVE-2022-27269 CRITICAL
InRouter 900 Firmware < 1.0.0.r11700 - Remote Code Execution via config_ovpn Component
CVSS 9.8
CVE-2022-27268 CRITICAL
InHand Networks InRouter 900 Firmware < 1.0.0.r11700 - Remote Code Execution via get_cgi_from_memory
CVSS 9.8
CVE-2022-26670 HIGH
D-Link DIR-878 Firmware < 1.20b05 - Unauthenticated OS Command Injection via Webpage Input Field
CVSS 8.8
CVE-2022-25597 HIGH
ASUS RT-AC86U Firmware - Unauthenticated OS Command Injection via LPD Service
CVSS 8.8