CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-21526 MEDIUM
Dell PowerScale OneFS 8.1.0-9.1.0 - Authenticated Privilege Escalation via SmartLock Compliance Mode
CVSS 6.0
CVE-2021-20991 CRITICAL
Fibaro Home Center <4.540 - Command Injection
CVSS 9.8
CVE-2021-23381 HIGH
killing - OS Command Injection via Unsanitized Input to child_process exec
CVSS 7.3
CVE-2021-23380 MEDIUM
roar-pidusage - OS Command Injection via Unsanitized Input to stat Function
CVSS 5.6
CVE-2021-23379 HIGH
portkiller - OS Command Injection via Unsanitized Input to child_process exec
CVSS 7.3
CVE-2021-23378 CRITICAL
picotts - OS Command Injection via say Function
CVSS 9.8
CVE-2021-23377 CRITICAL
onion-oled-js - OS Command Injection via Scroll Function
CVSS 9.8
CVE-2021-23376 CRITICAL
ffmpegdotjs - OS Command Injection via trimvideo Function
CVSS 9.8
CVE-2021-23375 HIGH
psnode - OS Command Injection via Kill Function
CVSS 7.3
CVE-2021-23374 HIGH
ps-visitor - OS Command Injection via Kill Function
CVSS 7.3
CVE-2021-27692 CRITICAL
Tendacn G1 Firmware - Memory Corruption
CVSS 9.8
CVE-2021-27691 CRITICAL
Tenda G0/G1/G3 <15.11.0.6-17 - Command Injection
CVSS 9.8
CVE-2021-29449 MEDIUM
Pi-hole 5.2.4 - Privilege Escalation via Remove Commands
CVSS 6.3
CVE-2021-27710 CRITICAL
TOTOLINK X5000R <9.1.0u.6118_B20201102 - Command Injection
CVSS 9.8
CVE-2021-27708 CRITICAL
TOTOLINK X5000R <9.1.0u.6118_B20201102 - Command Injection
CVSS 9.8
CVE-2021-27252 HIGH
NETGEAR Multiple Router and Extender Firmware - Unauthenticated OS Command Injection via DHCP Vendor-Specific Opcode
CVSS 8.8
CVE-2021-27249 HIGH
D-Link DAP-2020 v1.01rc001 - Unauthenticated OS Command Injection via CGI Script Processing
CVSS 8.8
CVE-2021-27113 CRITICAL
D-Link DIR-816 A2 1.10 B05 - OS Command Injection via /goform/addRouting Route
CVSS 9.8
CVE-2021-29003 CRITICAL
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - Remote Code Execution via sys_config_valid.xgi
CVSS 9.8
CVE-2021-29379 HIGH
D-Link DIR-802 Firmware < 1.00b05 - OS Command Injection via UPnP SSDP M-SEARCH ST Field
CVSS 8.8
CVE-2021-21433 CRITICAL
demon1a/discord-recon < 0.0.2 - Remote Code Execution
CVSS 9.9
CVE-2021-1473 MEDIUM
Cisco RV340 RV340W RV345 RV345P Firmware < 1.0.03.21 - Authentication Bypass and Remote Code Execution
CVSS 5.3
CVE-2021-28927 HIGH
libretro RetroArch 1.9.0-1.9.4 - OS Command Injection via Text-to-Speech Engine
CVSS 7.8
CVE-2021-28204 HIGH
ASUS BMC Firmware - Authenticated OS Command Injection via User Information Parameter
CVSS 7.2
CVE-2021-28203 HIGH
ASUS BMC Firmware - Authenticated OS Command Injection via Web Set Media Image Parameter
CVSS 7.2