CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-22657 CRITICAL
mySCADA myPRO <8.20.0 - Command Injection
CVSS 10.0
CVE-2021-4144 HIGH
TP-Link TL-WR802N Firmware < 211202 - OS Command Injection
CVSS 8.8
CVE-2021-21888 CRITICAL
Lantronix PremierWave 2050 8.9.0.0R4 - Authenticated OS Command Injection
CVSS 9.1
CVE-2021-21884 CRITICAL
Lantronix PremierWave 2050 Firmware 8.9.0.0R4 - Authenticated OS Command Injection via Web Manager SslGenerateCSR
CVSS 9.1
CVE-2021-21883 CRITICAL
Lantronix PremierWave 2050 Firmware 8.9.0.0R4 - Authenticated OS Command Injection via Web Manager Diagnostics Ping
CVSS 9.9
CVE-2021-21882 HIGH
Lantronix PremierWave 2050 Firmware 8.9.0.0R4 - Authenticated OS Command Injection via Web Manager FsUnmount
CVSS 8.8
CVE-2021-21881 CRITICAL
Lantronix PremierWave 2050 Firmware 8.9.0.0R4 - Authenticated OS Command Injection via Wireless Network Scanner
CVSS 9.9
CVE-2021-21877 CRITICAL
Lantronix PremierWave 2050 Firmware - Authenticated OS Command Injection via HTTP GET Request
CVSS 9.1
CVE-2021-21876 CRITICAL
Lantronix PremierWave 2050 Firmware - Authenticated OS Command Injection via PUT Request
CVSS 9.1
CVE-2021-21875 CRITICAL
Lantronix PremierWave 2050 Firmware - Authenticated OS Command Injection via EC keypasswd Parameter
CVSS 9.1
CVE-2021-21874 CRITICAL
Lantronix PremierWave 2050 Firmware - Authenticated OS Command Injection via DSA keypasswd Parameter
CVSS 9.1
CVE-2021-21873 CRITICAL
Lantronix PremierWave 2050 Firmware - Authenticated OS Command Injection via RSA keypasswd Parameter
CVSS 9.1
CVE-2021-21872 CRITICAL
Lantronix PremierWave 2050 8.9.0.0R4 - Authenticated OS Command Injection
CVSS 9.9
CVE-2021-42912 HIGH
FiberHome ONU GPON AN5506 - Authenticated OS Command Injection via Ping Diagnostic Tool
CVSS 8.8
CVE-2021-44235 MEDIUM
SAP NetWeaver AS ABAP 700-756 - Authenticated OS Command Injection via Transaction Class Builder
CVSS 6.7
CVE-2021-39065 CRITICAL
IBM Spectrum Copy Data Management < 2.2.13 - Remote Code Execution via Admin Console Upload Certificate Function
CVSS 9.8
CVE-2021-21954 CRITICAL
Anker Eufy Homebase 2 2.1.6.9h - OS Command Injection via wifi_country_code_update
CVSS 9.9
CVE-2021-20144 HIGH
Gryphon Tower Firmware < 04.0004.12 - Unauthenticated OS Command Injection via Operation 49 Parameters
CVSS 8.8
CVE-2021-20143 HIGH
Gryphon Tower Firmware < 04.0004.12 - Unauthenticated OS Command Injection via Operation 48 Parameters
CVSS 8.8
CVE-2021-20142 HIGH
Gryphon Tower Firmware < 04.0004.12 - Unauthenticated OS Command Injection via Operation 41 Parameters
CVSS 8.8
CVE-2021-20141 HIGH
Gryphon Tower Firmware < 04.0004.12 - Unauthenticated OS Command Injection via Controller Server Operation 32
CVSS 8.8
CVE-2021-20140 HIGH
Gryphon Tower Firmware < 04.0004.12 - Unauthenticated OS Command Injection via Controller Server Operation 10
CVSS 8.8
CVE-2021-20139 HIGH
Gryphon Tower Firmware < 04.0004.12 - Unauthenticated OS Command Injection via Controller Server Operation 3 Parameters
CVSS 8.8
CVE-2021-20138 HIGH
Gryphon Tower Firmware < 04.0004.12 - Unauthenticated OS Command Injection via Web Interface Parameters
CVSS 8.8
CVE-2021-42759 MEDIUM
Fortinet Meru AP <= 8.5.5 - OS Command Injection via CLI Commands
CVSS 6.7