CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,038 vulnerabilities with CWE-78
CVE-2018-21164 HIGH
NETGEAR R6220 and WNDR3700v5 Firmware < 1.1.0.64 and < 1.1.0.54 - Authenticated OS Command Injection
CVSS 7.2
CVE-2018-21162 CRITICAL
NETGEAR Multiple Routers - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2018-21110 MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21109 MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21108 MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21107 MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21106 MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21105 MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21104 MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21103 MEDIUM
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 6.8
CVE-2018-21101 HIGH
NETGEAR R7800 Firmware < 1.0.2.60 - Authenticated OS Command Injection
CVSS 8.0
CVE-2018-21130 HIGH
NETGEAR WAC505 and WAC510 < 5.0.0.17 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2018-21127 HIGH
NETGEAR WAC505 and WAC510 < 5.0.0.17 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2018-21126 HIGH
NETGEAR WAC505 and WAC510 < 5.0.0.17 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2018-20334 CRITICAL
ASUSWRT 3.0.0.4.384.20308 - OS Command Injection via fb_email Parameter
CVSS 9.8
CVE-2018-11805 MEDIUM
Apache SpamAssassin < 3.4.3 - Code Injection
CVSS 6.7
CVE-2018-20969 HIGH
GNU patch < 2.7.6 - OS Command Injection via ed Script ! Character Handling
CVSS 7.8
CVE-2018-14495 CRITICAL
Vivotek FD8136 - Remote Command Injection
CVSS 9.8
CVE-2018-14494 CRITICAL
Vivotek FD8136 Firmware - Remote Command Injection via BusyBox and wget
CVSS 9.8
CVE-2018-14860 CRITICAL
Odoo < 11.0 - Authenticated Remote Code Execution via Dynamic Expression Sandbox Escape
CVSS 9.1
CVE-2018-11215 CRITICAL
Cloudera Data Science Workbench < 1.3.0 - Remote Code Execution
CVSS 9.8
CVE-2018-16118 HIGH
Sophos SFOS - OS Command Injection via X-Forwarded-For HTTP Header
CVSS 8.1
CVE-2018-16117 HIGH
Sophos SFOS < 17.0 - Authenticated OS Command Injection via Admin Portal dbName Parameter
CVSS 8.8
CVE-2018-16593 HIGH
Sony Bravia TV < 8.587 - OS Command Injection via Photo Sharing Plus
CVSS 8.8
CVE-2018-16618 CRITICAL
VTech Storio Max < 56.D3JM6 - Command Injection
CVSS 9.8