CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,017 vulnerabilities with CWE-78
CVE-2022-23900
CRITICAL
Wavlink WL-WN531P3 - Command Injection
CVSS 9.8
CVE-2022-25017
CRITICAL
Hitron CHITA 7.2.2.0.3b6-CD - OS Command Injection via DDNS Username Field
CVSS 9.1
CVE-2022-24803
CRITICAL
asciidoctor-include-ext < 0.4.0 - OS Command Injection
CVSS 10.0
CVE-2022-24796
CRITICAL
RaspberryMatic 2.31.25.20180428-3.63.8.20220330 - Unauthenticated Remote Code Execution via WebUI File Upload
CVSS 10.0
CVE-2022-22986
HIGH
Netcommunity OG410X and OG810X Series < 2.28 - OS Command Injection via Crafted Config File
CVSS 8.8
CVE-2022-26258
CRITICAL
KEV
D-Link DIR-820L 1.05B03 - Remote Code Execution via HTTP POST to get set ccp
CVSS 9.8
CVE-2022-27947
HIGH
NETGEAR R8500 1.0.2.158 - Authenticated OS Command Injection via ipv6_fix.cgi Parameters
CVSS 8.8
CVE-2022-27946
HIGH
NETGEAR R8500 1.0.2.158 - Authenticated OS Command Injection via sysNewPasswd and sysConfirmPasswd Parameters
CVSS 8.8
CVE-2022-27945
HIGH
NETGEAR R8500 1.0.2.158 - Authenticated OS Command Injection via sysNewPasswd and sysConfirmPasswd Parameters
CVSS 8.8
CVE-2022-27811
CRITICAL
GNOME OCRFeeder < 0.8.4 - OS Command Injection via PDF or Image Filename
CVSS 9.8
CVE-2022-26290
CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) - OS Command Injection via WriteFacMac Component
CVSS 9.8
CVE-2022-26289
CRITICAL
Tenda M3 <1.10 V1.0.0.12 - Command Injection
CVSS 9.8
CVE-2022-22951
CRITICAL
VMware Carbon Black App Control 8.5-8.8.1 - Authenticated RCE via Input Validation
CVSS 9.1
CVE-2022-1030
HIGH
Okta Advanced Server Access < 1.58.0 - OS Command Injection via Crafted URL
CVSS 8.8
CVE-2022-24237
HIGH
Snapt Aria <12.8 - Command Injection
CVSS 8.8
CVE-2022-26265
CRITICAL
Contao Managed Edition <1.5.0 - RCE
CVSS 9.8
CVE-2022-25441
CRITICAL
Tenda AC9 v15.03.2.21 - Remote Code Execution via vlanid Parameter in SetIPTVCfg
CVSS 9.8
CVE-2022-25438
CRITICAL
Tenda AC9 v15.03.2.21 - Remote Code Execution via SetIPTVCfg Function
CVSS 9.8
CVE-2022-22273
CRITICAL
Secure Remote Access <8 - OS Command Injection
CVSS 9.8
CVE-2022-27005
CRITICAL
Totolink X5000R and A7000R Firmware - OS Command Injection via setWanCfg hostName Parameter
CVSS 9.8
CVE-2022-27004
CRITICAL
Totolink X5000R and A7000R Firmware - OS Command Injection via Tunnel 6in4 Remote Parameter
CVSS 9.8
CVE-2022-27003
CRITICAL
Totolink X5000R V9.1.0u.6118_B20201102 & A7000R V9.1.0u.6115_B20201022 - OS Command Injection via 6rd Relay
CVSS 9.8
CVE-2022-26994
CRITICAL
Arris SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05, SBR-AC1200P 1.0.5-B05 - OS Command Injection via PPTP Function
CVSS 9.8
CVE-2022-26993
CRITICAL
Arris routers <1.0.7-B05 - Command Injection
CVSS 9.8
CVE-2022-26992
CRITICAL
Arris SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05, SBR-AC1200P 1.0.5-B05 - OS Command Injection via DDNS Parameters
CVSS 9.8