CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,041 vulnerabilities with CWE-78
CVE-2018-16117
HIGH
Sophos SFOS < 17.0 - Authenticated OS Command Injection via Admin Portal dbName Parameter
CVSS 8.8
CVE-2018-16593
HIGH
Sony Bravia TV < 8.587 - OS Command Injection via Photo Sharing Plus
CVSS 8.8
CVE-2018-16618
CRITICAL
VTech Storio Max <56.D3JM6 - Command Injection
CVSS 9.8
CVE-2018-18472
CRITICAL
Western Digital My Book Live and My Book Live Duo - Unauthenticated Remote Code Execution via Language Configuration API
CVSS 9.8
CVE-2018-18852
HIGH
Cerio DT-300N 1.1.6-1.1.12 - OS Command Injection via PING Feature
CVSS 8.8
CVE-2018-20841
CRITICAL
HooToo TripMate Titan HT-TM05 Firmware 2.000.022 and 2.000.082 - Remote Command Execution via mac Parameter
CVSS 9.8
CVE-2018-10702
HIGH
Moxa AWK-3121 1.14 - OS Command Injection via iw_filename POST Parameter
CVSS 8.8
CVE-2018-10699
HIGH
Moxa AWK-3121 Firmware 1.14 - OS Command Injection via iw_privatePass Parameter
CVSS 8.8
CVE-2018-10697
HIGH
Moxa AWK-3121 1.14 - OS Command Injection via srvName Parameter
CVSS 8.8
CVE-2018-5265
HIGH
Ubiquiti EdgeOS 1.9.1 - Authenticated Remote Code Execution via Unsanitized Alias or IPS Parameter
CVSS 7.2
CVE-2018-19977
HIGH
Auerswald COMfort 1200 IP phone <3.4.4.1-10589 - Command Injection
CVSS 8.0
CVE-2018-16217
HIGH
Yealink Ultra-elegant IP Phone SIP-T41P 66.83.0.35 - Authenticated OS Command Injection via Network Diagnostic Ping
CVSS 8.8
CVE-2018-14839
CRITICAL
KEV
LG N1A1 Firmware 3718.510 - Unauthenticated Remote Command Execution via HTTP POST Parameters
CVSS 9.8
CVE-2018-19990
CRITICAL
D-Link DIR-822 B1 202KRb06 - Path Traversal
CVSS 9.8
CVE-2018-19989
CRITICAL
D-Link DIR-822 Firmware - OS Command Injection via HNAP1 SetQoSSettings uplink Parameter
CVSS 9.8
CVE-2018-19988
CRITICAL
D-Link DIR-868L Rev.B 2.05B02 - Command Injection
CVSS 9.8
CVE-2018-19987
CRITICAL
D-Link DIR-818LW/822/860L/868L/880L/890L - OS Command Injection via HNAP1 SetAccessPointMode
CVSS 9.8
CVE-2018-19986
CRITICAL
D-Link DIR-818LW and DIR-822 Firmware - OS Command Injection via HNAP1 SetRouterSettings RemotePort Parameter
CVSS 9.8
CVE-2018-7084
CRITICAL
Aruba Instant 4.0-4.2.4.11 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2018-7082
HIGH
Aruba Instant 4.0-4.2.4.11 - Authenticated OS Command Injection
CVSS 7.2
CVE-2018-4061
HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Authenticated OS Command Injection via ACEManager iplogging.cgi
CVSS 8.8
CVE-2018-16660
HIGH
Imperva SecureSphere <13.1.0.10 - Command Injection
CVSS 8.8
CVE-2018-16216
HIGH
AudioCodes 405HD Firmware 2.2.12 - Authenticated OS Command Injection via Monitoring Web Interface
CVSS 8.0
CVE-2018-20434
CRITICAL
LibreNMS 1.46 - OS Command Injection via $_POST['community'] Parameter
CVSS 9.8
CVE-2018-17990
HIGH
D-Link DSL-3782 Firmware 1.01 - Authenticated OS Command Injection via ScrIPaddrEndTXT Parameter
CVSS 8.8
Details
Vulnerabilities: 6,041
Exploit Likelihood: High