CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,041 vulnerabilities with CWE-78
CVE-2018-16117 HIGH
Sophos SFOS < 17.0 - Authenticated OS Command Injection via Admin Portal dbName Parameter
CVSS 8.8
CVE-2018-16593 HIGH
Sony Bravia TV < 8.587 - OS Command Injection via Photo Sharing Plus
CVSS 8.8
CVE-2018-16618 CRITICAL
VTech Storio Max < 56.D3JM6 - Command Injection
CVSS 9.8
CVE-2018-18472 CRITICAL
Western Digital My Book Live and My Book Live Duo - Unauthenticated Remote Code Execution via Language Configuration API
CVSS 9.8
CVE-2018-18852 HIGH
Cerio DT-300N 1.1.6-1.1.12 - OS Command Injection via PING Feature
CVSS 8.8
CVE-2018-20841 CRITICAL
HooToo TripMate Titan HT-TM05 Firmware 2.000.022 and 2.000.082 - Remote Command Execution via mac Parameter
CVSS 9.8
CVE-2018-10702 HIGH
Moxa AWK-3121 1.14 - OS Command Injection via iw_filename POST Parameter
CVSS 8.8
CVE-2018-10699 HIGH
Moxa AWK-3121 Firmware 1.14 - OS Command Injection via iw_privatePass Parameter
CVSS 8.8
CVE-2018-10697 HIGH
Moxa AWK-3121 1.14 - OS Command Injection via srvName Parameter
CVSS 8.8
CVE-2018-5265 HIGH
Ubiquiti EdgeOS 1.9.1 - Authenticated Remote Code Execution via Unsanitized Alias or IPS Parameter
CVSS 7.2
CVE-2018-19977 HIGH
Auerswald COMfort 1200 IP phone < 3.4.4.1-10589 - Command Injection
CVSS 8.0
CVE-2018-16217 HIGH
Yealink Ultra-elegant IP Phone SIP-T41P 66.83.0.35 - Authenticated OS Command Injection via Network Diagnostic Ping
CVSS 8.8
CVE-2018-14839 CRITICAL KEV
LG N1A1 Firmware 3718.510 - Unauthenticated Remote Command Execution via HTTP POST Parameters
CVSS 9.8
CVE-2018-19990 CRITICAL
D-Link DIR-822 B1 202KRb06 - Path Traversal
CVSS 9.8
CVE-2018-19989 CRITICAL
D-Link DIR-822 Firmware - OS Command Injection via HNAP1 SetQoSSettings uplink Parameter
CVSS 9.8
CVE-2018-19988 CRITICAL
D-Link DIR-868L Rev.B 2.05B02 - Command Injection
CVSS 9.8
CVE-2018-19987 CRITICAL
D-Link DIR-818LW/822/860L/868L/880L/890L - OS Command Injection via HNAP1 SetAccessPointMode
CVSS 9.8
CVE-2018-19986 CRITICAL
D-Link DIR-818LW and DIR-822 Firmware - OS Command Injection via HNAP1 SetRouterSettings RemotePort Parameter
CVSS 9.8
CVE-2018-7084 CRITICAL
Aruba Instant 4.0-4.2.4.11 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2018-7082 HIGH
Aruba Instant 4.0-4.2.4.11 - Authenticated OS Command Injection
CVSS 7.2
CVE-2018-4061 HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Authenticated OS Command Injection via ACEManager iplogging.cgi
CVSS 8.8
CVE-2018-16660 HIGH
Imperva SecureSphere < 13.1.0.10 - Command Injection
CVSS 8.8
CVE-2018-16216 HIGH
AudioCodes 405HD Firmware 2.2.12 - Authenticated OS Command Injection via Monitoring Web Interface
CVSS 8.0
CVE-2018-20434 CRITICAL
LibreNMS 1.46 - OS Command Injection via $_POST['community'] Parameter
CVSS 9.8
CVE-2018-17990 HIGH
D-Link DSL-3782 Firmware 1.01 - Authenticated OS Command Injection via ScrIPaddrEndTXT Parameter
CVSS 8.8