CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-37028 MEDIUM
HG8045Q Firmware - Authenticated OS Command Injection via Command-Line Interface
CVSS 6.7
CVE-2021-36380 CRITICAL KEV
Sunhillo SureLine <8.7.0.1.1 - Code Injection
CVSS 9.8
CVE-2021-37346 CRITICAL
Nagios XI WatchGuard Wizard < 1.4.8 - Remote Code Execution via OS Command Injection
CVSS 9.8
CVE-2021-37344 CRITICAL
Nagios XI Switch Wizard < 2.5.7 - Remote Code Execution via OS Command Injection
CVSS 9.8
CVE-2021-31698 CRITICAL
Quectel EG25-G Firmware < 202006130814 - Remote Code Execution via AT Command Shell Metacharacter Injection
CVSS 9.8
CVE-2021-3050 HIGH
Palo Alto Networks PAN-OS <10.1.2 - Command Injection
CVSS 8.8
CVE-2021-33721 HIGH
SINEC NMS <V1.0 SP2 - Command Injection
CVSS 7.2
CVE-2021-21585 CRITICAL
Dell OpenManage Enterprise < 3.6.1 - Authenticated OS Command Injection in RACADM and IPMI Tools
CVSS 9.1
CVE-2021-36706 CRITICAL
ProLink PRC2402M < 1.0.18 - OS Command Injection via sysCMD Parameter
CVSS 9.8
CVE-2021-36705 CRITICAL
ProLink PRC2402M Firmware < 1.0.18 - OS Command Injection via TR069_local_port Parameter
CVSS 9.8
CVE-2021-21805 CRITICAL
Advantech R-SeeNet 2.4.12 - OS Command Injection via ping.php Script
CVSS 9.8
CVE-2021-1602 HIGH
Cisco Small Business RV Series Router Firmware < 1.0.01.04 - Unauthenticated OS Command Injection via Web Interface
CVSS 8.2
CVE-2021-26097 HIGH
FortiSandbox 3.0.0-3.0.6, 3.1.0-3.1.4, 3.2.0-3.2.2 - Authenticated OS Command Injection via HTTP Requests
CVSS 8.8
CVE-2021-32772 HIGH
Poddycast < 0.8.1 - Remote Code Execution via Malicious Podcast Feed Content
CVSS 8.8
CVE-2021-31799 HIGH
Debian Linux < 6.3.1 - OS Command Injection
CVSS 7.0
CVE-2021-23412 HIGH
gitlogplus - OS Command Injection via Unsanitized Options Attributes
CVSS 8.1
CVE-2021-3198 MEDIUM
Ivanti MobileIron < 10.7.0.1-9 - OS Command Injection via 'install rpm url' Command
CVSS 6.5
CVE-2021-31580 HIGH
Akkadianlabs Ova Appliance < 3.0 - OS Command Injection
CVSS 8.7
CVE-2021-33032 CRITICAL
eQ-3 HomeMatic CCU2/CCU3 <2.57.5/<3.57.5 - RCE
CVSS 10.0
CVE-2021-1618 MEDIUM
Cisco Intersight Virtual Appliance < 1.0.9-292 - Authenticated Path Traversal and OS Command Injection
CVSS 6.5
CVE-2021-29143 HIGH
Aruba AOS-CX < 10.04.3070/10.05.0070/10.06.0110/10.07.0001 - RCE
CVSS 7.2
CVE-2021-32751 HIGH
Gradle < 7.2 - OS Command Injection via Environment Variable Manipulation
CVSS 7.5
CVE-2021-22125 MEDIUM
FortiSandbox < 3.2.2 - Authenticated OS Command Injection via Sniffer Module Configuration
CVSS 6.3
CVE-2021-32749 MEDIUM
fail2ban <0.9.7, 0.10.0-0.10.6, 0.11.0-0.11.2 - RCE
CVSS 6.1
CVE-2021-21819 HIGH
D-LINK DIR-3040 1.13B03 - OS Command Injection via Libcli Test Environment
CVSS 7.2