CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-63414 CRITICAL
Allsky WebUI v2024.12.06_06 - Path Traversal
CVSS 10.0
CVE-2025-65074 HIGH
WaveStore Video Management Software Server < 6.42.4 - OS Command Execution via Path Traversal
CVSS 7.2
CVE-2025-14586 MEDIUM
TOTOLINK X5000R 9.1.0cu.2089_B20211224 - Command Injection
CVSS 6.3
CVE-2025-13481 HIGH
IBM Aspera Orchestrator 4.0.0-4.1.0 - Authenticated OS Command Injection
CVSS 8.8
CVE-2025-56130 HIGH
Ruijie RG-S1930 Firmware 3.0(1)B11P230 - OS Command Injection via module_update POST Request
CVSS 8.8
CVE-2025-56129 HIGH
Ruijie RG-BCR860 Firmware - OS Command Injection via Diagnosis Action POST Request
CVSS 8.8
CVE-2025-56127 HIGH
Ruijie RG-BCR600W Firmware - OS Command Injection via get_wanobj POST Request
CVSS 8.8
CVE-2025-56124 HIGH
Ruijie RG-X60 PRO and RG-EW1200 Firmware - OS Command Injection via module_get POST Request
CVSS 7.8
CVE-2025-56123 HIGH
Ruijie RG-EW1200G PRO and RG-EW1300G Firmware - OS Command Injection via module_get in networkConnect.lua
CVSS 8.8
CVE-2025-56122 HIGH
Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 - OS Command Injection via module_get in networkConnect.lua
CVSS 8.8
CVE-2025-56120 HIGH
Ruijie RG-X60 PRO and RG-EW1200 Firmware - OS Command Injection via module_set POST Request
CVSS 8.8
CVE-2025-56118 HIGH
Ruijie RG-EW3200GX and RG-X60 PRO Firmware - OS Command Injection via nbr_cwmp.lua module_set POST Request
CVSS 8.8
CVE-2025-56117 HIGH
Ruijie X30-PRO Firmware - OS Command Injection via Crafted POST Request to /usr/local/lua/dev_sta/nbr_cwmp.lua
CVSS 8.8
CVE-2025-56114 HIGH
Ruijie RG-EW1300G and M18-EW Firmware - OS Command Injection via config_retain.lua module_set Parameter
CVSS 8.8
CVE-2025-56113 HIGH
Ruijie RG-YST EST YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx - OS Command Injection via pwdmodify POST Request
CVSS 8.8
CVE-2025-56111 HIGH
Ruijie RG-BCR860 Firmware - OS Command Injection via network_set_wan_conf POST Request
CVSS 8.8
CVE-2025-56110 HIGH
Ruijie RG-BCR860 Firmware - OS Command Injection via action_deal_update POST Request
CVSS 8.8
CVE-2025-56109 HIGH
Ruijie RG-BCR860 Firmware - OS Command Injection via Wireless Admin POST Request
CVSS 8.8
CVE-2025-56108 HIGH
Ruijie X30-PRO Firmware - OS Command Injection via pwdmodify POST Request
CVSS 8.8
CVE-2025-56107 HIGH
Ruijie RG-BCR600W Firmware - OS Command Injection via submit_wifi POST Request
CVSS 8.8
CVE-2025-56106 HIGH
Ruijie RG-EW1800GX and RG-EST350 Firmware - OS Command Injection via nbr_cwmp.lua module_set POST Request
CVSS 8.8
CVE-2025-56102 HIGH
Ruijie RG-EW1800GX and RG-EW300R Firmware - OS Command Injection via module_get POST Request
CVSS 8.8
CVE-2025-56101 HIGH
Ruijie M18-EW and RG-EW1200R Firmware - OS Command Injection via module_get POST Request
CVSS 8.8
CVE-2025-56099 HIGH
Ruijie RG-YST AP_3.0(1)B11P280YST250F - OS Command Injection via pwdmodify POST Request
CVSS 8.8
CVE-2025-56098 HIGH
Ruijie X30-PRO and RG-EW300-PRO Firmware - OS Command Injection via module_get POST Request
CVSS 8.8
Details
Vulnerabilities 5,967
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits