CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,041 vulnerabilities with CWE-78
CVE-2018-16408 HIGH
D-Link DIR-846 Firmware 100.26 - Authenticated Remote Code Execution via SetNetworkTomographySettings
CVSS 7.2
CVE-2018-16334 HIGH
Tenda AC10 Firmware < 15.03.06.23 and AC9 Firmware - OS Command Injection via MAC Parameter
CVSS 8.8
CVE-2018-15477 CRITICAL
myStrom WiFi Switch V1 < 2.66 - OS Command Injection via Cloud Parameter
CVSS 9.8
CVE-2018-11616 HIGH
Tencent Foxmail 7.2.9.115 - Remote Code Execution via URI Handler
CVSS 8.8
CVE-2018-14572 HIGH
conference-scheduler-cli < 0.10.1 - Remote Code Execution via Pickle Deserialization
CVSS 7.8
CVE-2018-15529 HIGH
Mutiny Monitoring Appliance < 6.1.0-5263 - Authenticated OS Command Injection via System Upgrade Filename
CVSS 8.8
CVE-2018-15887 HIGH
ASUS DSL-N12E_C1 1.1.2.3_345 - Authenticated Remote Command Execution via destIP Parameter
CVSS 8.8
CVE-2018-15877 HIGH
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
CVSS 8.8
CVE-2018-3786 CRITICAL
egg-scripts < 2.8.1 - OS Command Injection via Command Line Argument
CVSS 9.8
CVE-2018-15481 HIGH
UCOPIA Wireless Appliance Firmware 5.1.0-5.1.12 - Authenticated OS Command Injection via SSH LocalCommand
CVSS 8.8
CVE-2018-15553 HIGH
Telus Actiontec T2200H Firmware 31.128L.03 - OS Command Injection via smbdUserid or smbdPasswd Field
CVSS 8.8
CVE-2018-3785 CRITICAL
git-dummy-commit v1.3.0 - OS Command Injection via Unescaped Parameter
CVSS 9.8
CVE-2018-0427 HIGH
Cisco Application Policy Infrastructu... - Command Injection
CVSS 8.8
CVE-2018-15156 HIGH
OpenEMR <5.0.1.4 - Command Injection
CVSS 8.8
CVE-2018-15155 HIGH
OpenEMR <5.0.1.4 - Command Injection
CVSS 8.8
CVE-2018-15154 HIGH
OpenEMR <5.0.1.4 - Command Injection
CVSS 8.8
CVE-2018-15153 HIGH
OpenEMR <5.0.1.4 - Command Injection
CVSS 8.8
CVE-2018-3937 CRITICAL
Sony IPELA E Series Network Camera G5 Firmware 1.87.00 - OS Command Injection via measurementBitrateExec
CVSS 9.1
CVE-2018-14933 CRITICAL KEV
NUUO NVRmini Firmware - Remote Command Execution via uploaddir Parameter
CVSS 9.8
CVE-2018-14417 CRITICAL
SoftNAS Cloud <4.0.3 - Command Injection
CVSS 9.8
CVE-2018-12483 HIGH
OCS Inventory 2.4.1 - Command Injection
CVSS 8.8
CVE-2018-10900 HIGH
Network Manager VPNC Username Privilege Escalation
CVSS 7.8
CVE-2018-10905 HIGH
CloudForms Management Engine - Privilege Escalation via dRuby Security Setting
CVSS 7.8
CVE-2018-0349 CRITICAL
Cisco SD-WAN Solution < 18.3.0 - Authenticated Arbitrary File Write via CLI request admin-tech Command
CVSS 9.8
CVE-2018-0348 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated OS Command Injection via VPN Load Command
CVSS 7.2
Details
Vulnerabilities 6,041
Exploit Likelihood High