CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,041 vulnerabilities with CWE-78
CVE-2018-0637
HIGH
Aterm HC100RC Firmware < 1.0.1 - Authenticated OS Command Injection via export.cgi encKey Parameter
CVSS 7.2
CVE-2018-0636
HIGH
Aterm HC100RC Firmware < 1.0.1 - Authenticated OS Command Injection via FactoryPassword Parameter
CVSS 7.2
CVE-2018-0635
HIGH
Aterm HC100RC Firmware < 1.0.1 - Authenticated OS Command Injection via Filename Parameter
CVSS 7.2
CVE-2018-0634
HIGH
Aterm HC100RC Firmware < 1.0.1 - Authenticated OS Command Injection via FactoryPassword or bootmode Parameter
CVSS 7.2
CVE-2018-0631
HIGH
Aterm W300P Firmware < 1.0.13 - Authenticated OS Command Injection via targetAPSsid Parameter
CVSS 7.2
CVE-2018-0630
HIGH
Aterm W300P < 1.0.13 - Authenticated OS Command Injection via sysCmd Parameter
CVSS 7.2
CVE-2018-0629
HIGH
Aterm W300P Firmware < 1.0.13 - Authenticated OS Command Injection via HTTP Request
CVSS 7.2
CVE-2018-0628
HIGH
Aterm WG1200HP Firmware <= 1.0.31 - Authenticated OS Command Injection via HTTP Request
CVSS 7.2
CVE-2018-0627
HIGH
Aterm WG1200HP Firmware <= 1.0.31 - Authenticated OS Command Injection via targetAPSsid Parameter
CVSS 7.2
CVE-2018-0626
HIGH
Aterm WG1200HP Firmware <= 1.0.31 - Authenticated OS Command Injection via sysCmd in formWsc Parameter
CVSS 7.2
CVE-2018-0625
HIGH
Aterm WG1200HP Firmware <= 1.0.31 - Authenticated OS Command Injection via formSysCmd Parameter
CVSS 7.2
CVE-2018-20114
CRITICAL
D-Link DIR-818LW and DIR-860L Firmware - Unauthenticated OS Command Injection via soap.cgi service Parameter
CVSS 9.8
CVE-2018-6342
CRITICAL
react-dev-utils <1.0.4, <2.0.2, <3.1.2, <4.2.2, <5.0.2 - OS Command Injection
CVSS 9.8
CVE-2018-18600
HIGH
Guardzilla 180 Outdoor and Indoor Firmware - OS Command Injection via Firmware Upgrade Parameter
CVSS 8.1
CVE-2018-15007
HIGH
Sky Elite 6.0L+ - Command Injection
CVSS 7.8
CVE-2018-14998
MEDIUM
Leagoo P1 Firmware - Unauthenticated Privilege Escalation via ADB Debuggable Property Manipulation
CVSS 6.8
CVE-2018-19239
HIGH
TRENDnet TEW-673GRU v1.00b40 - Command Injection
CVSS 7.2
CVE-2018-15722
HIGH
Logitech Harmony Hub < 4.15.206 - OS Command Injection via Time Update Request
CVSS 8.1
CVE-2018-1000885
CRITICAL
phkp - OS Command Injection via HKP-Api Lookup Parameter
CVSS 9.8
CVE-2018-18555
CRITICAL
VyOS 1.1.8 - Authenticated OS Command Injection via Management Shell Escape
CVSS 9.9
CVE-2018-19007
CRITICAL
Geutebrueck E2 Camera Series < 1.12.0.25 - OS Command Injection via DDNS Configuration
CVSS 9.8
CVE-2018-20057
HIGH
D-Link DIR-619L,DIR-605L <2.06B1,2.12B1 - RCE
CVSS 8.8
CVE-2018-19660
HIGH
Moxa NPort W2x50A <2.2 - Command Injection
CVSS 8.8
CVE-2018-19659
HIGH
Moxa NPort W2x50A <2.2 - Command Injection
CVSS 8.8
CVE-2018-19908
HIGH
MISP 2.4.90-2.4.98 - Authenticated OS Command Injection via STIX Import Filename
CVSS 8.8
Details
Vulnerabilities: 6,041
Exploit Likelihood: High