CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-4029 HIGH
Zyxel ARMOR Z1/Z2 - Command Injection
CVSS 8.8
CVE-2021-46319 CRITICAL
D-Link DIR-846 Firmware - Remote Code Execution via SSID Parameter Command Injection
CVSS 9.8
CVE-2021-46315 CRITICAL
D-Link DIR-846 Firmware - Remote Command Execution via HNAP1 SetWizardConfig SSID Parameter Injection
CVSS 9.8
CVE-2021-46314 CRITICAL
D-Link DIR-846 Firmware - Remote Command Execution via HNAP1 SetNetworkTomographySettings Domain Validation
CVSS 9.8
CVE-2021-45382 CRITICAL KEV
D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, DIR-836L - Remote Code Execution via DDNS Function
CVSS 9.8
CVE-2021-3781 CRITICAL
Ghostscript - Command Execution via SAFER Sandbox Escape
CVSS 9.9
CVE-2021-26726 HIGH
Valmet DNA 2012-2021 - Remote Code Execution via TCP Port 1517
CVSS 8.8
CVE-2021-26616 HIGH
SecuwaySSL 2.0.0.4-2.0.0.8 - OS Command Injection via runCommand Arguments
CVSS 7.8
CVE-2021-43928 CRITICAL
Synology Mail Station <20211105-10315 - Command Injection
CVSS 9.9
CVE-2021-29393 CRITICAL
NorthStar Club Management 6.3 - Remote Code Execution via cominput.jsp/comoutput.jsp
CVSS 9.8
CVE-2021-45987 CRITICAL
Tenda G1 and G3 Firmware 15.11.0.17(9502)_CN - OS Command Injection via formSetNetCheckTools hostName Parameter
CVSS 9.8
CVE-2021-45986 CRITICAL
Tenda G1 and G3 Firmware 15.11.0.17(9502)_CN - OS Command Injection via usbOrdinaryUserName Parameter
CVSS 9.8
CVE-2021-41018 HIGH
Fortinet FortiWeb <6.4.1, <6.3.15 - Command Injection
CVSS 8.8
CVE-2021-43073 HIGH
Fortinet FortiWeb <6.4.1 - Command Injection
CVSS 8.8
CVE-2021-41016 HIGH
Fortinet FortiExtender <7.0.1,<4.2.3,<4.1.7 - Command Injection
CVSS 7.8
CVE-2021-40412 HIGH
Reolink RLC-410W v3.0.0.136_20121102 - Command Injection
CVSS 7.2
CVE-2021-40411 HIGH
Reolink RLC-410W v3.0.0.136_20121102 - Command Injection
CVSS 7.2
CVE-2021-40410 HIGH
Reolink RLC-410W v3.0.0.136_20121102 - Command Injection
CVSS 7.2
CVE-2021-40409 CRITICAL
Reolink RLC-410W v3.0.0.136_20121102 - Command Injection
CVSS 9.8
CVE-2021-40408 CRITICAL
Reolink RLC-410W v3.0.0.136_20121102 - Command Injection
CVSS 9.8
CVE-2021-40407 HIGH KEV
Reolink RLC-410W v3.0.0.136_20121102 - Command Injection
CVSS 7.2
CVE-2021-32849 HIGH
gerapy < 0.9.9 - Authenticated OS Command Injection
CVSS 8.8
CVE-2021-36296 HIGH
Dell VNX2 OE for File <8.1.21.266 - Authenticated RCE
CVSS 7.2
CVE-2021-36295 HIGH
Dell VNX2 OE for File <8.1.21.266 - Authenticated RCE
CVSS 7.2
CVE-2021-45845 HIGH
FreeCAD 0.19 - OS Command Injection via Crafted FCStd Document
CVSS 7.8