CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,042 vulnerabilities with CWE-78
CVE-2018-10562
CRITICAL
KEV
Dasan GPON Router Firmware - OS Command Injection via diag_action ping dest_host Parameter
CVSS 9.8
CVE-2018-10431
HIGH
D-Link DIR-615 2.5.17 - Remote Code Execution via Traceroute Host Field
CVSS 7.2
CVE-2018-3836
HIGH
leptonica 1.74.4 - OS Command Injection via gplot rootname Argument
CVSS 7.8
CVE-2018-1144
CRITICAL
Belkin N750 Firmware 1.10.22 - Unauthenticated OS Command Injection via proxy.cgi
CVSS 9.8
CVE-2018-1143
CRITICAL
Belkin N750 Firmware 1.10.22 - Unauthenticated OS Command Injection via twonky_command.cgi
CVSS 9.8
CVE-2018-1167
HIGH
Spotify Music Player 1.0.69.336 - RCE
CVSS 8.8
CVE-2018-8735
HIGH
Nagios XI 5.2.0-5.4.12 - Remote Code Execution via OS Command Injection
CVSS 8.8
CVE-2018-0556
HIGH
Buffalo WZR-1750DHP2 Firmware < 2.30 - OS Command Injection
CVSS 8.8
CVE-2018-0545
CRITICAL
LXR 1.0.0-2.3.0 - Remote Code Execution
CVSS 9.8
CVE-2018-9285
CRITICAL
ASUS RT-AC Series Firmware - OS Command Injection via SystemCmd pingCNT and destIP Fields
CVSS 9.8
CVE-2018-0194
HIGH
Cisco IOS XE < 16.3.1 - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0193
HIGH
Cisco IOS XE < 16.3.1 - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0185
HIGH
Cisco IOS XE < 16.3.1 - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0184
MEDIUM
Cisco IOS XE 16.3-16.3.6 - Authenticated OS Command Injection via CLI Parser
CVSS 6.7
CVE-2018-0183
MEDIUM
Cisco IOS XE < 3.13.2as - Authenticated OS Command Injection via CLI Parser
CVSS 6.7
CVE-2018-0182
HIGH
Cisco IOS XE < 16.3.1 - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0176
HIGH
Cisco IOS XE - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0169
HIGH
Cisco IOS XE - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-1238
HIGH
Dell EMC ScaleIO < 2.5 - Authenticated OS Command Injection in Light Installation Agent
CVSS 7.5
CVE-2018-0539
CRITICAL
QQQ SYSTEMS 2.24 - OS Command Injection
CVSS 9.8
CVE-2018-6231
CRITICAL
Trend Micro Smart Protection Server < 3.3 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2018-6222
HIGH
Trend Micro Email Encryption Gateway 5.5 - OS Command Injection via Log File Location Manipulation
CVSS 7.8
CVE-2018-0523
HIGH
Buffalo WXR-1900DHP2 Firmware < 2.48 - OS Command Injection
CVSS 8.8
CVE-2018-7890
CRITICAL
Zoho ManageEngine Applications Manager <13.6 - Command Injection
CVSS 9.8
CVE-2018-0224
MEDIUM
Cisco StarOS - Authenticated OS Command Injection via CLI
CVSS 6.7
Details
Vulnerabilities
6,042
Exploit Likelihood
High