CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,038 vulnerabilities with CWE-78
CVE-2019-1725 MEDIUM
Cisco Unified Computing System < 4.0(2a) - Authenticated File Write & CLI Command Injection
CVSS 5.5
CVE-2019-4202 CRITICAL
IBM API Connect 5.0.0.0-5.0.8.6 - OS Command Injection
CVSS 10.0
CVE-2019-0232 HIGH
Apache Tomcat 7.0.0-7.0.93, 8.5.0-8.5.39, 9.0.0.M1-9.0.17 - Remote Code Execution via CGI Servlet
CVSS 8.1
CVE-2019-10880 CRITICAL
Xerox ColorQube 8700/8900/9301/9302/9303 Firmware - OS Command Injection via HTTP Interface
CVSS 9.8
CVE-2019-3914 HIGH
Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05 - Authenticated OS Command Injection via Network Object Hostname
CVSS 7.2
CVE-2019-5425 HIGH
Ubiquiti Networks EdgeSwitch X <1.1.0 - Privilege Escalation
CVSS 8.8
CVE-2019-5424 HIGH
Ubiquiti Networks EdgeSwitch X <1.1.0 - Command Injection
CVSS 8.8
CVE-2019-10631 HIGH
Zyxel NAS326 Firmware < 5.21 - Authenticated OS Command Injection via Package Installer
CVSS 8.8
CVE-2019-11001 HIGH KEV
Reolink RLC-410W/C1/C2/RLC-422W/RLC-511W <1.0.227 - Authenticated OS Command Injection
CVSS 7.2
CVE-2019-6552 CRITICAL
Advantech WebAccess < 8.3.5 - Remote Code Execution via Improper Input Validation
CVSS 9.8
CVE-2019-9193 HIGH
PostgreSQL 9.3-11.2 - Authenticated OS Command Injection via COPY TO/FROM PROGRAM
CVSS 7.2
CVE-2019-10662 HIGH
Grandstream UCM62xx IP PBX sendPasswordEmail RCE
CVSS 8.8
CVE-2019-10660 HIGH
Grandstream GXV3611IR_HD < 1.0.3.23 - Authenticated OS Command Injection via logserver Parameter
CVSS 8.8
CVE-2019-10659 HIGH
Grandstream GXV3370 < 1.0.1.41 and WP820 < 1.0.3.6 - Authenticated Remote Code Execution via Logcat Priority Field
CVSS 8.8
CVE-2019-10658 HIGH
Grandstream GWN7610 < 1.0.8.18 - Authenticated Remote Code Execution via update_nds_webroot_from_tmp API
CVSS 8.8
CVE-2019-10657 MEDIUM
Grandstream GWN7000 < 1.0.6.32 and GWN7610 < 1.0.8.18 - Authenticated Password Exposure via Ubus UCI Config Request
CVSS 6.5
CVE-2019-10656 HIGH
Grandstream GWN7000 Firmware < 1.0.6.32 - Authenticated Remote Code Execution via uci.apply API
CVSS 8.8
CVE-2019-10655 CRITICAL
Grandstream GAC2500/GXP2200/GVC3202/GXV3275/GXV3240 < 1.0.3.219 - Unauthenticated RCE via getlogcat
CVSS 9.8
CVE-2019-1745 HIGH
Cisco IOS XE - Authenticated OS Command Injection via Affected Commands
CVSS 7.8
CVE-2019-10061 CRITICAL
node-opencv <6.1.0 - Command Injection
CVSS 9.8
CVE-2019-7385 HIGH
Raisecom ISCOM HT803G-U/-W/-1GE/GPON <2.0.0_140521_R4.1.47.002 - Co...
CVSS 7.8
CVE-2019-7384 HIGH
Raisecom ISCOM HT803G-U/-W/-1GE/GPON <2.0.0_140521_R4.1.47.002 - Co...
CVSS 7.8
CVE-2019-7383 HIGH
Systrome Cumilon ISG-600C-ISG-800W - Command Injection
CVSS 7.8
CVE-2019-5414 HIGH
kill-port < 1.3.2 - Command Injection
CVSS 8.1
CVE-2019-9785 HIGH
gitnote 3.1.0 - Remote Code Execution via Crafted Markdown File
CVSS 7.8