CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,041 vulnerabilities with CWE-78
CVE-2018-10587 HIGH
NetGain EM <10.0.57 - Command Injection
CVSS 7.2
CVE-2018-3910 HIGH
Yi Home Camera 27US 1.8.7.0D - OS Command Injection via SSID
CVSS 8.0
CVE-2018-16462 CRITICAL
apex-publish-static-files < 2.0.1 - OS Command Injection via Maliciously Crafted Argument
CVSS 10.0
CVE-2018-16461 CRITICAL
libnmap < 0.4.16 - OS Command Injection via Range Options
CVSS 9.8
CVE-2018-14558 CRITICAL KEV
Tenda AC7/9/10 <15.03.06 - Command Injection
CVSS 9.8
CVE-2018-18728 CRITICAL
Tenda AC9, AC15, and AC18 Firmware - Remote Code Execution via USB Name Field
CVSS 9.8
CVE-2018-18638 HIGH
Neato Botvac Connected 2.2.0 - OS Command Injection via NTP Field in Setup API
CVSS 8.1
CVE-2018-15442 HIGH
Cisco Webex Meetings <33.6.4 & Productivity Tools 32.6.0-33.0.6 OS Command Injection
CVSS 7.8
CVE-2018-12670 CRITICAL
SV3C L-SERIES HD CAMERA - Command Injection
CVSS 9.8
CVE-2018-16232 HIGH
IPFire < 2.21 Core Update 124 - Authenticated OS Command Injection via backup.cgi
CVSS 8.8
CVE-2018-10823 HIGH
D-Link DWR-116 < 1.06, DWR-512/DWR-712/DWR-912/DWR-921 < 2.02, DWR-111 < 1.01 - OS Command Injection via chkisg.htm
CVSS 8.8
CVE-2018-3955 HIGH
Linksys E1200 and E2500 Firmware - Authenticated OS Command Injection via wan_domain Parameter
CVSS 7.2
CVE-2018-3954 HIGH
Linksys E1200 and E2500 Firmware - OS Command Injection via Router Name Parameter
CVSS 7.2
CVE-2018-3953 HIGH
Linksys E1200 and E2500 Firmware - OS Command Injection via Router Name Parameter
CVSS 7.2
CVE-2018-14772 HIGH
Pydio <8.2.1 - Authenticated Command Injection
CVSS 7.2
CVE-2018-17532 CRITICAL
Teltonika RUT9XX <00.04.233 - Command Injection
CVSS 9.8
CVE-2018-18322 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2018-15368 MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 6.7
CVE-2018-0481 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via CLI Parser
CVSS 6.7
CVE-2018-0477 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via CLI Parser
CVSS 6.7
CVE-2018-0453 HIGH
Cisco Firepower Threat Defense - Authenticated OS Command Injection via Sourcefire Tunnel Control Channel
CVSS 8.2
CVE-2018-0433 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2018-0432 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated Privilege Escalation via Error Reporting Feature
CVSS 8.8
CVE-2018-0424 HIGH
Cisco RV110W, RV130W, and RV215W Firmware - Authenticated OS Command Injection via Web Management Interface
CVSS 8.8
CVE-2018-17787 CRITICAL
D-Link DIR-823G - Command Injection
CVSS 9.8