CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,041 vulnerabilities with CWE-78
CVE-2018-14357 CRITICAL
Mutt < 1.10.1 and NeoMutt < 20180716 - Remote Command Execution via IMAP Mailbox Subscription
CVSS 9.8
CVE-2018-14354 CRITICAL
Mutt < 1.10.1 and NeoMutt < 20180716 - OS Command Injection via IMAP Mailboxes Command
CVSS 9.8
CVE-2018-0710 HIGH
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via SSH
CVSS 8.8
CVE-2018-0709 HIGH
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via Date Parameter
CVSS 8.8
CVE-2018-0708 HIGH
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection
CVSS 8.8
CVE-2018-0707 HIGH
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection via Change Password
CVSS 7.2
CVE-2018-0341 HIGH
Cisco IP Phone 6800/7800/8800 Series OS Command Injection via Web UI
CVSS 8.8
CVE-2018-14060 CRITICAL
Xiaomi R3D <2.26.4 - Command Injection
CVSS 9.8
CVE-2018-14010 CRITICAL
Xiaomi R3P/R3C/R3/R3D Firmware < 2.14.5/2.12.15/2.22.15/2.26.4 - OS Command Injection via Guest Wi-Fi Settings
CVSS 9.8
CVE-2018-5553 CRITICAL
Crestron Console <1.3384.00049.001 - Command Injection
CVSS 9.8
CVE-2018-13797 CRITICAL
node-macaddress < 0.2.9 - OS Command Injection via Unsanitized Input to exec Call
CVSS 9.8
CVE-2018-6831 HIGH
Foscam Cameras - Authenticated OS Command Injection via NTP Server Argument
CVSS 7.2
CVE-2018-10987 HIGH
diqee360_firmware - Authenticated Remote Code Execution via UDP Command 153
CVSS 7.5
CVE-2018-9276 HIGH KEV
PRTG Network Monitor < 18.2.39 - Authenticated OS Command Injection via Sensor or Notification Parameters
CVSS 7.2
CVE-2018-12577 HIGH
TP-Link TL-WR841N <v13 - Authenticated Command Injection
CVSS 8.8
CVE-2018-12465 CRITICAL
Micro Focus SMG <471 - Command Injection
CVSS 9.1
CVE-2018-12972 CRITICAL
OpenTSDB 2.3.0 - OS Command Injection via /q URI Parameters
CVSS 9.8
CVE-2018-11510 CRITICAL
ASUSTOR ADM < 3.1.2.rhg1 - Unauthenticated Remote Code Execution via script Parameter
CVSS 9.8
CVE-2018-4860 HIGH
SCALANCE M875 - Authenticated OS Command Injection via Web Interface
CVSS 7.2
CVE-2018-4859 HIGH
SCALANCE M875 Firmware - Authenticated OS Command Injection via Web Interface
CVSS 7.2
CVE-2018-10660 CRITICAL
Axis IP Cameras - OS Command Injection
CVSS 9.8
CVE-2018-0569 HIGH
baserCMS 3.0.0-3.0.15 and 4.0.0-4.1.0.1 - Authenticated OS Command Injection
CVSS 8.8
CVE-2018-12692 HIGH
TP-Link TL-WA850RE <5 - Command Injection
CVSS 8.8
CVE-2018-0306 HIGH
Cisco NX-OS < 7.3(3)n1(1) - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0330 HIGH
Cisco NX-OS 7.3-7.3(3)n1(1) - Authenticated OS Command Injection via NX-API Parameter Bypass
CVSS 8.8
Details
Vulnerabilities 6,041
Exploit Likelihood High