CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,038 vulnerabilities with CWE-78
CVE-2018-21164
HIGH
NETGEAR R6220 and WNDR3700v5 Firmware < 1.1.0.64 and < 1.1.0.54 - Authenticated OS Command Injection
CVSS 7.2
CVE-2018-21162
CRITICAL
NETGEAR Multiple Routers - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2018-21110
MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21109
MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21108
MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21107
MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21106
MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21105
MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21104
MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21103
MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21101
HIGH
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 8.0
CVE-2018-21130
HIGH
NETGEAR WAC505 and WAC510 < 5.0.0.17 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2018-21127
HIGH
NETGEAR WAC505 and WAC510 < 5.0.0.17 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2018-21126
HIGH
NETGEAR WAC505 and WAC510 < 5.0.0.17 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2018-20334
CRITICAL
ASUSWRT 3.0.0.4.384.20308 - OS Command Injection via fb_email Parameter
CVSS 9.8
CVE-2018-11805
MEDIUM
Apache SpamAssassin <3.4.3 - Code Injection
CVSS 6.7
CVE-2018-20969
HIGH
GNU patch < 2.7.6 - OS Command Injection via ed Script ! Character Handling
CVSS 7.8
CVE-2018-14495
CRITICAL
Vivotek FD8136 - Remote Command Injection
CVSS 9.8
CVE-2018-14494
CRITICAL
Vivotek FD8136 Firmware - Remote Command Injection via BusyBox and wget
CVSS 9.8
CVE-2018-14860
CRITICAL
Odoo < 11.0 - Authenticated Remote Code Execution via Dynamic Expression Sandbox Escape
CVSS 9.1
CVE-2018-11215
CRITICAL
Cloudera Data Science Workbench < 1.3.0 - Remote Code Execution
CVSS 9.8
CVE-2018-16118
HIGH
Sophos SFOS - OS Command Injection via X-Forwarded-For HTTP Header
CVSS 8.1
CVE-2018-16117
HIGH
Sophos SFOS < 17.0 - Authenticated OS Command Injection via Admin Portal dbName Parameter
CVSS 8.8
CVE-2018-16593
HIGH
Sony Bravia TV < 8.587 - OS Command Injection via Photo Sharing Plus
CVSS 8.8
CVE-2018-16618
CRITICAL
VTech Storio Max <56.D3JM6 - Command Injection
CVSS 9.8
Details
Vulnerabilities
6,038
Exploit Likelihood
High