CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-34726 MEDIUM
Cisco SD-WAN < 18.4.6 - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2021-34725 MEDIUM
Cisco IOS XE SD-WAN < 17.2.1r - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2021-37925 CRITICAL
ManageEngine ADManager Plus <= 7110 - Authenticated OS Command Injection
CVSS 9.8
CVE-2021-36260 CRITICAL KEV
Hikvision IP Camera Unauthenticated Command Injection
CVSS 9.8
CVE-2021-41315 HIGH
Device42 Remote Collector < 17.05.01 - Authenticated OS Command Injection via SNMP Connectivity Utility
CVSS 8.8
CVE-2021-37913 CRITICAL
HGiga OAKlouds Portal 2.0-2.0-2 - Unauthenticated OS Command Injection via IPv6 Gateway Parameter
CVSS 9.8
CVE-2021-37912 CRITICAL
HGiga OAKlouds Portal 2.0-<2.0-2 - Unauthenticated OS Command Injection via Ethernet Number Parameter
CVSS 9.8
CVE-2021-23025 HIGH
BIG-IP <15.1.0.5, <14.1.3.1, <13.1.3.5, <=11.6.x - Authenticated RCE
CVSS 8.8
CVE-2021-23031 CRITICAL
F5 BIG-IP Advanced WAF/ASM Privilege Escalation (16.0.1.2/15.1.3/14.1.4.1/13.1.4/12.1.6/11.6.5.3)
CVSS 9.9
CVE-2021-37531 HIGH
SAP NetWeaver Knowledge Management XML Forms 7.10-7.50 - Authenticated OS Command Injection via Malicious XSL Stylesheet
CVSS 8.8
CVE-2021-31891 CRITICAL
Siemens Desigo CC - OS Command Injection
CVSS 10.0
CVE-2021-33554 HIGH
Multiple Camera Devices - Command Injection
CVSS 7.2
CVE-2021-33553 HIGH
Multiple Camera Devices - Command Injection
CVSS 7.2
CVE-2021-33552 HIGH
Multiple Camera Devices - Command Injection
CVSS 7.2
CVE-2021-33551 HIGH
Multiple Camera Devices - Command Injection
CVSS 7.2
CVE-2021-33550 HIGH
Multiple Camera Devices - Command Injection
CVSS 7.2
CVE-2021-33548 HIGH
Multiple Camera Devices - Command Injection
CVSS 7.2
CVE-2021-33544 HIGH
Multiple Camera Devices - Command Injection
CVSS 7.2
CVE-2021-40222 HIGH
Rittal CMC PU III 3.11.00_2-3.17.10 - Remote Code Execution via PU-Hostname Field
CVSS 7.2
CVE-2021-39459 HIGH
Redaxo CMS 5.12.1 - Authenticated Remote Code Execution via Malicious Module
CVSS 7.2
CVE-2021-34728 HIGH
Cisco IOS XR < 7.3.2 - Authenticated Privilege Escalation via CLI
CVSS 7.8
CVE-2021-34722 MEDIUM
Cisco IOS XR 7.1.1-7.3.2 - Authenticated OS Command Injection
CVSS 6.7
CVE-2021-34721 MEDIUM
Cisco IOS XR < 7.3.2 - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2021-34719 HIGH
Cisco IOS XR < 7.3.2 - Authenticated Privilege Escalation via CLI
CVSS 7.8
CVE-2021-28571 HIGH
Adobe After Effects < 18.1 - Unauthenticated OS Command Injection via Malicious File
CVSS 8.3
Details
Vulnerabilities 6,017
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits