CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,041 vulnerabilities with CWE-78
CVE-2018-10587
HIGH
NetGain EM <10.0.57 - Command Injection
CVSS 7.2
CVE-2018-3910
HIGH
Yi Home Camera 27US 1.8.7.0D - OS Command Injection via SSID
CVSS 8.0
CVE-2018-16462
CRITICAL
apex-publish-static-files < 2.0.1 - OS Command Injection via Maliciously Crafted Argument
CVSS 10.0
CVE-2018-16461
CRITICAL
libnmap < 0.4.16 - OS Command Injection via Range Options
CVSS 9.8
CVE-2018-14558
CRITICAL
KEV
Tenda AC7/9/10 <15.03.06 - Command Injection
CVSS 9.8
CVE-2018-18728
CRITICAL
Tenda AC9, AC15, and AC18 Firmware - Remote Code Execution via USB Name Field
CVSS 9.8
CVE-2018-18638
HIGH
Neato Botvac Connected 2.2.0 - OS Command Injection via NTP Field in Setup API
CVSS 8.1
CVE-2018-15442
HIGH
Cisco Webex Meetings <33.6.4 & Productivity Tools 32.6.0-33.0.6 OS Command Injection
CVSS 7.8
CVE-2018-12670
CRITICAL
SV3C L-SERIES HD CAMERA - Command Injection
CVSS 9.8
CVE-2018-16232
HIGH
IPFire < 2.21 Core Update 124 - Authenticated OS Command Injection via backup.cgi
CVSS 8.8
CVE-2018-10823
HIGH
D-Link DWR-116 < 1.06, DWR-512/DWR-712/DWR-912/DWR-921 < 2.02, DWR-111 < 1.01 - OS Command Injection via chkisg.htm
CVSS 8.8
CVE-2018-3955
HIGH
Linksys E1200 and E2500 Firmware - Authenticated OS Command Injection via wan_domain Parameter
CVSS 7.2
CVE-2018-3954
HIGH
Linksys E1200 and E2500 Firmware - OS Command Injection via Router Name Parameter
CVSS 7.2
CVE-2018-3953
HIGH
Linksys E1200 and E2500 Firmware - OS Command Injection via Router Name Parameter
CVSS 7.2
CVE-2018-14772
HIGH
Pydio <8.2.1 - Authenticated Command Injection
CVSS 7.2
CVE-2018-17532
CRITICAL
Teltonika RUT9XX <00.04.233 - Command Injection
CVSS 9.8
CVE-2018-18322
CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2018-15368
MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 6.7
CVE-2018-0481
MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via CLI Parser
CVSS 6.7
CVE-2018-0477
MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via CLI Parser
CVSS 6.7
CVE-2018-0453
HIGH
Cisco Firepower Threat Defense - Authenticated OS Command Injection via Sourcefire Tunnel Control Channel
CVSS 8.2
CVE-2018-0433
HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2018-0432
HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated Privilege Escalation via Error Reporting Feature
CVSS 8.8
CVE-2018-0424
HIGH
Cisco RV110W, RV130W, and RV215W Firmware - Authenticated OS Command Injection via Web Management Interface
CVSS 8.8
CVE-2018-17787
CRITICAL
D-Link DIR-823G - Command Injection
CVSS 9.8
Details
Vulnerabilities
6,041
Exploit Likelihood
High