CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,017 vulnerabilities with CWE-78
CVE-2021-30358
HIGH
Mobile Access Portal Native Apps - Path Traversal
CVSS 7.2
CVE-2021-38478
CRITICAL
InHand Networks IR615 Router 2.3.0.r4724 and 2.3.0.r4870 - OS Command Injection via Traceroute Tool
CVSS 9.1
CVE-2021-38470
CRITICAL
InHand Networks IR615 Router <2.3.0.r4870 - Command Injection
CVSS 9.1
CVE-2021-24684
HIGH
WordPress PDF Light Viewer <1.4.12 - Command Injection
CVSS 8.8
CVE-2021-27561
CRITICAL
KEV
Yealink DM 3.6.0.20 - Command Injection
CVSS 9.8
CVE-2021-37732
HIGH
Aruba Instant < 6.4.4.8-4.2.4.18, < 6.5.4.18, < 8.5.0.11, < 8.6.0.6, <= 8.7.1.0 - Remote Command Execution
CVSS 7.2
CVE-2021-37730
HIGH
Aruba Instant < 6.4.4.8-4.2.4.19, < 6.5.4.20, < 8.5.0.12, < 8.6.0.11, <= 8.7.1.3 - Remote Command Execution
CVSS 7.2
CVE-2021-37727
HIGH
Aruba Instant < 6.4.4.8-4.2.4.19, < 6.5.4.20, < 8.5.0.12, < 8.6.0.11, <= 8.7.1.3 - Remote Command Execution
CVSS 7.2
CVE-2021-20122
HIGH
Telus Wi-Fi Hub (PRV65B444A-S-TS) 3.00.20 - Authenticated OS Command Injection via tr69_cmd.cgi Parameters
CVSS 7.2
CVE-2021-42071
CRITICAL
Visual Tools DVR VX16 4.2.28.0 - Unauthenticated Remote Command Execution via User-Agent Header
CVSS 9.8
CVE-2021-34748
HIGH
Cisco Intersight Virtual Appliance 1.0.9-150-1.0.9-292 - Authenticated OS Command Injection
CVSS 8.8
CVE-2021-34710
HIGH
Cisco ATA 190 Series Firmware - OS Command Injection and Denial of Service
CVSS 8.8
CVE-2021-1594
HIGH
Cisco Identity Services Engine 2.4.0-2.5.9 - Unauthenticated OS Command Injection via REST API
CVSS 7.5
CVE-2021-22557
MEDIUM
SLO Generator < 2.0.1 - Remote Code Execution via YAML File Loading
CVSS 5.3
CVE-2021-34352
HIGH
QVR < 5.1.5 - OS Command Injection
CVSS 7.2
CVE-2021-35028
HIGH
Zyxel ZyWALL VPN2S Firmware 1.12 - Authenticated OS Command Injection
CVSS 7.3
CVE-2021-21570
MEDIUM
Dell NetWorker 18.1.0.1-19.4.0.3 - Information Disclosure via Remote Client Access
CVSS 6.8
CVE-2021-21569
MEDIUM
Dell NetWorker 18.1.0.1-19.4.0.3 - Path Traversal
CVSS 6.8
CVE-2021-20035
MEDIUM
KEV
SonicWall SMA 200/210/400/410/500v < 9.0.0.11-31sv - Authenticated OS Command Injection
CVSS 6.5
CVE-2021-39826
HIGH
Adobe Digital Editions < 4.5.11.187646 - Authenticated OS Command Injection via Malicious EPUB File
CVSS 8.6
CVE-2021-31605
HIGH
openvpn-monitor <= 1.1.3 - OS Command Injection via OpenVPN Management Interface Socket
CVSS 7.5
CVE-2021-34351
CRITICAL
QNAP QVR < 5.1.5 - OS Command Injection
CVSS 9.8
CVE-2021-34349
HIGH
QNAP QVR < 5.1.5 - OS Command Injection
CVSS 7.2
CVE-2021-34348
CRITICAL
QNAP QVR < 5.1.5 - OS Command Injection
CVSS 9.8
CVE-2021-34729
MEDIUM
Cisco IOS XE and IOS XE SD-WAN < 17.3.1a - Authenticated OS Command Injection via CLI Arguments
CVSS 6.7