CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-43164 HIGH
Ruijie ReyeeOS < 1.55.1915_ew_3.0(1)b11p55 - Remote Code Execution via updateVersion Function
CVSS 8.8
CVE-2021-42165 HIGH
MitraStar GPT-2541GNAC-N1 Firmware - Authenticated OS Command Injection via DeviceInfo Path Parameter
CVSS 8.8
CVE-2021-34602 HIGH
Bender CC612 and ICC15xx Firmware 5.11.0-5.11.1 - Authenticated OS Command Injection via Web Interface
CVSS 8.8
CVE-2021-46422 CRITICAL
Telesquare SDT-CW3B1 1.1.0 - Command Injection
CVSS 9.8
CVE-2021-46441 HIGH
D-Link DIR-825 G1 - Command Injection
CVSS 8.8
CVE-2021-22795 CRITICAL
StruxureWare Data Center Expert < V7.8.1 - Command Injection
CVSS 9.1
CVE-2021-36293 MEDIUM
Dell VNX2 for File <8.1.21.266 - Privilege Escalation
CVSS 6.4
CVE-2021-36287 HIGH
Dell EMC Unity Operating Environment < 8.1.21.266 - Unauthenticated Remote Code Execution
CVSS 7.3
CVE-2021-26116 MEDIUM
FortiAuthenticator < 6.3.1 - Authenticated OS Command Injection via Command Line Interpreter
CVSS 6.7
CVE-2021-26104 HIGH
FortiAnalyzer 5.6.0-6.0.10 and FortiManager 5.6.0-6.0.10 - Authenticated OS Command Injection via CLI Command Parameters
CVSS 7.8
CVE-2021-22127 HIGH
FortiClient for Linux < 6.2.9 - Unauthenticated Remote Code Execution via Malicious Network Name
CVSS 7.1
CVE-2021-24009 HIGH
FortiWAN < 4.5.8 - Authenticated OS Command Injection via Web GUI
CVSS 7.2
CVE-2021-42324 HIGH
DCN S4600-10P-SI Firmware < R0241.0470 - Authenticated OS Command Injection via Capture Command Parameters
CVSS 7.4
CVE-2021-32974 CRITICAL
Moxa NPort IAW5000A-I/O Firmware < 2.2 - Remote Code Execution
CVSS 9.8
CVE-2021-32933 CRITICAL
MDT AutoSave <6.02.06 - Code Injection
CVSS 10.0
CVE-2021-46007 CRITICAL
TOTOLINK A3100R V5.9c.4577 - Command Injection
CVSS 9.8
CVE-2021-27476 CRITICAL
Rockwell Automation FactoryTalk AssetCentre <10.00 - Command Injection
CVSS 10.0
CVE-2021-36100 MEDIUM
OTRS < 7.0.28, < 7.0.19, < 8.0.12 - OS Command Injection via System Configuration
CVSS 6.4
CVE-2021-45966 CRITICAL
Pascom Cloud Phone System <7.20.x - RCE
CVSS 9.8
CVE-2021-23632 MEDIUM
git < 0.1.5 - Remote Code Execution via Git.git Method
CVSS 6.6
CVE-2021-32475 MEDIUM
Moodle < 3.5.18 - Stored Cross-Site Scripting in Quiz Grading Report ID Numbers
CVSS 5.4
CVE-2021-46704 CRITICAL
GenieACS <1.2.8 - Command Injection
CVSS 9.8
CVE-2021-44827 HIGH
TP-Link Archer C20i Firmware < 170221 - Authenticated OS Command Injection via X_TP_ExternalIPv6Address Parameter
CVSS 8.8
CVE-2021-43075 HIGH
Fortinet FortiWLM <8.6.2-<8.5.2-<8.4.2-<8.3.2 - Command Injection
CVSS 8.8
CVE-2021-4039 CRITICAL
Zyxel NWA-1100-NH - Command Injection
CVSS 9.8