CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,042 vulnerabilities with CWE-78
CVE-2018-1000006
HIGH
Electron < 1.7.11 - Remote Code Execution via Protocol Handler
CVSS 8.8
CVE-2018-0115
MEDIUM
Cisco StarOS - Authenticated OS Command Injection via CLI Command Arguments
CVSS 6.7
CVE-2018-0099
HIGH
Cisco D9800 Network Transport Receiver Firmware - Authenticated OS Command Injection via Web Management GUI
CVSS 8.8
CVE-2018-5371
HIGH
D-Link DSL-2640U/2540U - Authenticated RCE
CVSS 8.8
CVE-2018-5347
CRITICAL
Seagate Media Server - Command Injection
CVSS 9.8
CVE-2017-20236
CRITICAL
ProSoft Technology ICX35-HWC Command Injection via Web Interface
CVSS 9.8
CVE-2017-20216
CRITICAL
FLIR Thermal Camera PT-Series <8.0.0.64 - Command Injection
CVSS 9.8
CVE-2017-20215
HIGH
FLIR Thermal Camera FC-S/PT <8.0.0.64 - Command Injection
CVSS 8.8
CVE-2017-18858
CRITICAL
NETGEAR devices <12.0.2.11 - Command Injection
CVSS 9.8
CVE-2017-12945
HIGH
Solstice Pod < 2.8.4 - Authenticated OS Command Injection via Networking Configuration
CVSS 8.8
CVE-2017-18372
HIGH
Billion 5200W-T Firmware - Authenticated OS Command Injection via uiViewSNTPServer Parameter
CVSS 8.8
CVE-2017-18370
HIGH
Billion 5200w-t Firmware - OS Command Injection
CVSS 8.8
CVE-2017-18369
CRITICAL
Billion 5200W-T 1.02b.rc5.dt49 - Unauthenticated OS Command Injection via syslogServerAddr Parameter
CVSS 9.8
CVE-2017-18368
CRITICAL
KEV
Billion 5200w-t Firmware - OS Command Injection
CVSS 9.8
CVE-2017-2873
HIGH
Foscam C1 Indoor HD Camera 2.52.2.43 - OS Command Injection via SoftAP Configuration
CVSS 7.2
CVE-2017-3936
MEDIUM
McAfee ePolicy Orchestrator <5.9.0-5.1.0 - Command Injection
CVSS 6.2
CVE-2017-7637
CRITICAL
QNAP NAS <1.2.0 - Command Injection
CVSS 9.8
CVE-2017-16042
CRITICAL
Growl < 1.10.2 - OS Command Injection via Improper Input Sanitization
CVSS 9.8
CVE-2017-14434
HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-14433
HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-14432
HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-12125
HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-12121
HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-12120
HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-14481
CRITICAL
MMM::Agent::Helpers::Network::send_arp - Command Injection
CVSS 9.8
Details
Vulnerabilities
6,042
Exploit Likelihood
High