CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,042 vulnerabilities with CWE-78
CVE-2018-1000006 HIGH
Electron < 1.7.11 - Remote Code Execution via Protocol Handler
CVSS 8.8
CVE-2018-0115 MEDIUM
Cisco StarOS - Authenticated OS Command Injection via CLI Command Arguments
CVSS 6.7
CVE-2018-0099 HIGH
Cisco D9800 Network Transport Receiver Firmware - Authenticated OS Command Injection via Web Management GUI
CVSS 8.8
CVE-2018-5371 HIGH
D-Link DSL-2640U/2540U - Authenticated RCE
CVSS 8.8
CVE-2018-5347 CRITICAL
Seagate Media Server - Command Injection
CVSS 9.8
CVE-2017-20236 CRITICAL
ProSoft Technology ICX35-HWC Command Injection via Web Interface
CVSS 9.8
CVE-2017-20216 CRITICAL
FLIR Thermal Camera PT-Series <8.0.0.64 - Command Injection
CVSS 9.8
CVE-2017-20215 HIGH
FLIR Thermal Camera FC-S/PT <8.0.0.64 - Command Injection
CVSS 8.8
CVE-2017-18858 CRITICAL
NETGEAR devices <12.0.2.11 - Command Injection
CVSS 9.8
CVE-2017-12945 HIGH
Solstice Pod < 2.8.4 - Authenticated OS Command Injection via Networking Configuration
CVSS 8.8
CVE-2017-18372 HIGH
Billion 5200W-T Firmware - Authenticated OS Command Injection via uiViewSNTPServer Parameter
CVSS 8.8
CVE-2017-18370 HIGH
Billion 5200w-t Firmware - OS Command Injection
CVSS 8.8
CVE-2017-18369 CRITICAL
Billion 5200W-T 1.02b.rc5.dt49 - Unauthenticated OS Command Injection via syslogServerAddr Parameter
CVSS 9.8
CVE-2017-18368 CRITICAL KEV
Billion 5200w-t Firmware - OS Command Injection
CVSS 9.8
CVE-2017-2873 HIGH
Foscam C1 Indoor HD Camera 2.52.2.43 - OS Command Injection via SoftAP Configuration
CVSS 7.2
CVE-2017-3936 MEDIUM
McAfee ePolicy Orchestrator <5.9.0-5.1.0 - Command Injection
CVSS 6.2
CVE-2017-7637 CRITICAL
QNAP NAS <1.2.0 - Command Injection
CVSS 9.8
CVE-2017-16042 CRITICAL
Growl < 1.10.2 - OS Command Injection via Improper Input Sanitization
CVSS 9.8
CVE-2017-14434 HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-14433 HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-14432 HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-12125 HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-12121 HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-12120 HIGH
Moxa EDR-810 V4.1 - Command Injection
CVSS 8.8
CVE-2017-14481 CRITICAL
MMM::Agent::Helpers::Network::send_arp - Command Injection
CVSS 9.8