CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,042 vulnerabilities with CWE-78
CVE-2018-10562 CRITICAL KEV
Dasan GPON Router Firmware - OS Command Injection via diag_action ping dest_host Parameter
CVSS 9.8
CVE-2018-10431 HIGH
D-Link DIR-615 2.5.17 - Remote Code Execution via Traceroute Host Field
CVSS 7.2
CVE-2018-3836 HIGH
leptonica 1.74.4 - OS Command Injection via gplot rootname Argument
CVSS 7.8
CVE-2018-1144 CRITICAL
Belkin N750 Firmware 1.10.22 - Unauthenticated OS Command Injection via proxy.cgi
CVSS 9.8
CVE-2018-1143 CRITICAL
Belkin N750 Firmware 1.10.22 - Unauthenticated OS Command Injection via twonky_command.cgi
CVSS 9.8
CVE-2018-1167 HIGH
Spotify Music Player 1.0.69.336 - RCE
CVSS 8.8
CVE-2018-8735 HIGH
Nagios XI 5.2.0-5.4.12 - Remote Code Execution via OS Command Injection
CVSS 8.8
CVE-2018-0556 HIGH
Buffalo WZR-1750DHP2 Firmware < 2.30 - OS Command Injection
CVSS 8.8
CVE-2018-0545 CRITICAL
LXR 1.0.0-2.3.0 - Remote Code Execution
CVSS 9.8
CVE-2018-9285 CRITICAL
ASUS RT-AC Series Firmware - OS Command Injection via SystemCmd pingCNT and destIP Fields
CVSS 9.8
CVE-2018-0194 HIGH
Cisco IOS XE < 16.3.1 - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0193 HIGH
Cisco IOS XE < 16.3.1 - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0185 HIGH
Cisco IOS XE < 16.3.1 - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0184 MEDIUM
Cisco IOS XE 16.3-16.3.6 - Authenticated OS Command Injection via CLI Parser
CVSS 6.7
CVE-2018-0183 MEDIUM
Cisco IOS XE < 3.13.2as - Authenticated OS Command Injection via CLI Parser
CVSS 6.7
CVE-2018-0182 HIGH
Cisco IOS XE < 16.3.1 - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0176 HIGH
Cisco IOS XE - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-0169 HIGH
Cisco IOS XE - Authenticated OS Command Injection via CLI Parser
CVSS 7.8
CVE-2018-1238 HIGH
Dell EMC ScaleIO < 2.5 - Authenticated OS Command Injection in Light Installation Agent
CVSS 7.5
CVE-2018-0539 CRITICAL
QQQ SYSTEMS 2.24 - OS Command Injection
CVSS 9.8
CVE-2018-6231 CRITICAL
Trend Micro Smart Protection Server < 3.3 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2018-6222 HIGH
Trend Micro Email Encryption Gateway 5.5 - OS Command Injection via Log File Location Manipulation
CVSS 7.8
CVE-2018-0523 HIGH
Buffalo WXR-1900DHP2 Firmware < 2.48 - OS Command Injection
CVSS 8.8
CVE-2018-7890 CRITICAL
Zoho ManageEngine Applications Manager <13.6 - Command Injection
CVSS 9.8
CVE-2018-0224 MEDIUM
Cisco StarOS - Authenticated OS Command Injection via CLI
CVSS 6.7