CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,038 vulnerabilities with CWE-78
CVE-2019-7298 HIGH
D-Link DIR-823G <1.02B03 - Command Injection
CVSS 8.1
CVE-2019-7297 CRITICAL
D-Link DIR-823G <1.02B03 - Command Injection
CVSS 9.8
CVE-2019-3913 MEDIUM
LabKey Server Community Edition < 18.3.0-61806.763 - Authenticated Denial of Service via Drive Unmount Command
CVSS 4.9
CVE-2019-1652 HIGH KEV
Cisco RV320 and RV325 Firmware 1.4.2.15-1.4.2.21 - Authenticated Remote Code Execution via HTTP POST Request
CVSS 7.2
CVE-2019-1650 HIGH
Cisco SD-WAN Solution - Authenticated Arbitrary File Write via CLI Save Command
CVSS 8.8
CVE-2019-1636 HIGH
Cisco Webex Teams - OS Command Injection via Unsafe Search Paths
CVSS 7.8
CVE-2019-6487 HIGH
TP-Link WDR Series < 3.0 - Authenticated Remote Code Execution via Weather Citycode Field
CVSS 8.8
CVE-2018-25143 HIGH
Microhard Systems IPn4G 1.1.0 - Privilege Escalation
CVSS 8.8
CVE-2018-25126 CRITICAL
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 - Command Injec...
CVE-2018-25122 HIGH
Nagios XI < 5.4.13 - Authenticated Remote Code Execution via Component Download Page
CVSS 8.8
CVE-2018-25120 CRITICAL
D-Link DNS-343 ShareCenter <1.05 - Command Injection
CVSS 9.8
CVE-2018-25118 CRITICAL
GeoVision embedded IP devices - Command Injection
CVE-2018-25115 CRITICAL
D-Link DIR Series service.cgi - Unauthenticated Command Injection
CVSS 9.8
CVE-2018-17879 CRITICAL
ABUS TVIP Firmware - Unauthenticated Remote Code Execution via CGI Script Injection
CVSS 9.8
CVE-2018-17558 CRITICAL
ABUS TVIP Firmware - OS Command Injection via /cgi-bin/mft/ Directory
CVSS 9.8
CVE-2018-25083 CRITICAL
pullit < 1.4.0 - OS Command Injection via Git Branch Name
CVSS 9.8
CVE-2018-19950 CRITICAL
QNAP Music Station < 5.3.11 - Remote Command Injection
CVSS 9.8
CVE-2018-19949 CRITICAL KEV
QNAP QTS < 4.2.6 - OS Command Injection
CVSS 9.8
CVE-2018-21225 MEDIUM
NETGEAR D7800/D7000/D8500/R6700/R6800/R6900/R7000/R7500/R7800/R8300/R8500/R9000 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21157 MEDIUM
NETGEAR D7800/R6700/R6900/R7000/R7500/R7800/R9000/WNDR4300/WNDR4500 Firmware - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21154 MEDIUM
NETGEAR D7800/DM200/R6100/R7500/R7800 Firmware - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21152 MEDIUM
NETGEAR D7800/R7500/R7800/R8900/R9000/WNDR4300/WNDR4500 Firmware - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21100 HIGH
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 8.0
CVE-2018-21099 HIGH
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 8.0
CVE-2018-21098 MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
Details
Vulnerabilities 6,038
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits