CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,038 vulnerabilities with CWE-78
CVE-2019-1614 HIGH
Cisco NX-OS 8.2-8.3(2) - Authenticated Remote Code Execution via NX-API Command Injection
CVSS 8.8
CVE-2019-1612 MEDIUM
Cisco NX-OS < 7.0(3)I7(6) - Authenticated OS Command Injection via CLI Arguments
CVSS 4.2
CVE-2019-9121 CRITICAL
Motorola C1 and M2 Firmware - OS Command Injection via HNAP SetSmartQoSSettings API
CVSS 9.8
CVE-2019-9120 CRITICAL
Motorola C1 and M2 Firmware - OS Command Injection via HNAP SetWLanACLSettings wl(0).(0)_maclist Parameter
CVSS 9.8
CVE-2019-9119 CRITICAL
Motorola C1 and M2 Firmware - OS Command Injection via HNAP SetStaticRouteSettings API
CVSS 9.8
CVE-2019-9118 CRITICAL
Motorola C1 and M2 Firmware - OS Command Injection via HNAP SetNTPServerSettings API
CVSS 9.8
CVE-2019-9117 CRITICAL
Motorola C1 and M2 Firmware - OS Command Injection via HNAP SetNetworkTomographySettings API
CVSS 9.8
CVE-2019-1591 HIGH
Cisco Nexus 9000 Series ACI Mode Switch Software - RCE
CVSS 7.8
CVE-2019-3920 HIGH
Alcatel Lucent I-240W-Q GPON ONT 3FE54567BOZJ19 - Authenticated OS Command Injection via /GponForm/device_Form
CVSS 8.8
CVE-2019-3919 HIGH
Nokia I-240W-Q GPON ONT Firmware 3FE54567BOZJ19 - Authenticated OS Command Injection via USB Restore Script Endpoint
CVSS 8.8
CVE-2019-1674 HIGH
Cisco Webex Meetings < 33.6.6 - Authenticated OS Command Injection via Update Service
CVSS 7.8
CVE-2019-9194 CRITICAL
elFinder < 2.1.48 - OS Command Injection in PHP Connector
CVSS 9.8
CVE-2019-8427 CRITICAL
ZoneMinder < 1.32.3 - OS Command Injection via daemonControl Shell Metacharacters
CVSS 9.8
CVE-2019-8319 HIGH
D-Link DIR-878 Firmware 1.12A1 - OS Command Injection via HNAP SetStaticRouteIPv4Settings Gateway Field
CVSS 8.8
CVE-2019-8318 HIGH
D-Link DIR-878 Firmware 1.12A1 - OS Command Injection via HNAP1 SetSysEmailSettings SMTPServerPort Field
CVSS 8.8
CVE-2019-8317 HIGH
D-Link DIR-878 Firmware 1.12A1 - OS Command Injection via HNAP SetStaticRouteIPv6Settings DestNetwork Parameter
CVSS 8.8
CVE-2019-8316 HIGH
D-Link DIR-878 Firmware 1.12A1 - OS Command Injection via HNAP SetWebFilterSettings WebFilterURLs Parameter
CVSS 8.8
CVE-2019-8315 HIGH
D-Link DIR-878 1.12A1 - OS Command Injection via HNAP SetIPv4FirewallSettings
CVSS 8.8
CVE-2019-8314 HIGH
D-Link DIR-878 Firmware 1.12A1 - OS Command Injection via HNAP SetQoSSettings IPAddress Parameter
CVSS 8.8
CVE-2019-8313 HIGH
D-Link DIR-878 1.12A1 - OS Command Injection via HNAP SetIPv6FirewallSettings
CVSS 8.8
CVE-2019-8312 HIGH
D-Link DIR-878 Firmware 1.12A1 - OS Command Injection via HNAP SetSysLogSettings IPAddress Field
CVSS 8.8
CVE-2019-5736 HIGH
Docker Container Escape Via runC Overwrite
CVSS 8.6
CVE-2019-7632 HIGH
LifeSize Team, Room, Passport, and Networker 220 - Authenticated RCE
CVSS 8.8
CVE-2019-3704 HIGH
Dell EMC VNX2 Firmware < 8.1.9.217 - Authenticated OS Command Injection via Sudoers Misconfiguration
CVSS 7.8
CVE-2019-7301 HIGH
Zen Load Balancer 3.10.1 - Command Injection
CVSS 7.2