CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,026 vulnerabilities with CWE-78
CVE-2020-9374 CRITICAL
TP-Link TL-WR849N 0.9.1 4.16 - Remote Code Execution via Traceroute Shell Metacharacter Injection
CVSS 9.8
CVE-2020-4222 CRITICAL
IBM Spectrum Protect Plus 10.1.0-10.1.5 - Remote Code Execution via HTTP Command
CVSS 9.8
CVE-2020-4213 CRITICAL
IBM Spectrum Protect 10.1.0-10.1.5 - Remote Code Execution via HTTP Command
CVSS 9.8
CVE-2020-4211 CRITICAL
IBM Spectrum Protect Plus 10.1.0-10.1.5 - Remote Code Execution via HTTP Command
CVSS 9.8
CVE-2020-4210 CRITICAL
IBM Spectrum Protect Plus 10.1.0-10.1.5 - Remote Code Execution via HTTP Command
CVSS 9.8
CVE-2020-8130 MEDIUM
Ruby Rake < 12.3.3 - Command Injection
CVSS 6.4
CVE-2020-8813 HIGH
Cacti 1.2.8 - Authenticated Remote Code Execution via Cookie Shell Metacharacter Injection
CVSS 8.8
CVE-2020-6842 HIGH
D-Link DCH-M225 Firmware < 1.05b01 - Authenticated OS Command Injection via Media Renderer Name
CVSS 7.2
CVE-2020-6841 CRITICAL
D-Link DCH-M225 Firmware < 1.05b01 - OS Command Injection via Spotify Connect userName Parameter
CVSS 9.8
CVE-2020-5534 HIGH
Aterm WG2600HS < Ver1.3.2 - Command Injection
CVSS 8.0
CVE-2020-5525 HIGH
NEC Aterm Router Firmware - Authenticated OS Command Execution
CVSS 8.0
CVE-2020-5524 HIGH
NEC Aterm WF1200C/WG1200CR/WG2600HS Firmware - Unauthenticated Remote Code Execution via UPnP Function
CVSS 8.8
CVE-2020-7597 HIGH
codecov-node < 3.6.5 - Remote Code Execution via gcov-root Argument
CVSS 8.8
CVE-2020-9027 CRITICAL
ELTEX NTP-RG-1402G and NTP-2 Firmware - OS Command Injection via Ping TRACE Field
CVSS 9.8
CVE-2020-9026 CRITICAL
ELTEX NTP-RG-1402G and NTP-2 Firmware - OS Command Injection via PING Field
CVSS 9.8
CVE-2020-9021 CRITICAL
Post Oak AWAM Bluetooth Field Device Firmware - OS Command Injection via timeconfig.py htmlNtpServer Parameter
CVSS 9.8
CVE-2020-9020 CRITICAL
Iteris Vantage Velocity Firmware 2.3.1, 2.4.2, 3.0 - OS Command Injection via NTP Server Field
CVSS 9.8
CVE-2020-8858 HIGH
Moxa MGate 5105-MB-EIP Firmware < 4.1 - Authenticated OS Command Injection via DestIP Parameter
CVSS 8.8
CVE-2020-8963 CRITICAL
TimeTools SC7105-SR9850 T100-T550 OS Command Injection via t3.cgi
CVSS 9.8
CVE-2020-8949 HIGH
Gocloud S2A/S3A K2P MTK/ISP3000 4.2.7-4.3.0 - Remote Code Execution via Ping Command Injection
CVSS 8.8
CVE-2020-8947 HIGH
Artica Pandora FMS 7.0 - Authenticated OS Command Injection via Netflow Live View Parameters
CVSS 7.2
CVE-2020-8946 HIGH
Netis WF2471 v1.2.30142 - Authenticated OS Command Injection via log_3g_type Parameter
CVSS 8.8
CVE-2020-8429 HIGH
Kinetica 7.0.9.2.20191118151947 - Authenticated RCE
CVSS 8.8
CVE-2020-8126 HIGH
EdgeSwitch < 1.7.1 - Privilege Escalation
CVSS 7.8
CVE-2020-8654 HIGH
EyesOfNetwork < 5.3 - Command Injection
CVSS 8.8