CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-8823 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via setDeviceName DeviceName Parameter
CVSS 6.3
CVE-2025-8821 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via RP_setBasic bssid Parameter
CVSS 6.3
CVE-2025-8818 MEDIUM
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 - OS Command Injection via setDFSSetting lanNetmask/lanIp Parameter
CVSS 6.3
CVE-2025-8748 HIGH
MiR Robots < 3.0.0 - Authenticated OS Command Injection
CVSS 8.8
CVE-2025-54958 MEDIUM
Powered BLUE 870 <0.20130927 - Command Injection
CVSS 6.3
CVE-2025-8697 MEDIUM
agentUniverse <0.0.18 - Code Injection
CVSS 6.3
CVE-2025-34152 CRITICAL
Shenzhen Aitemi M300 Wi-Fi Repeater - Command Injection
CVE-2025-34151 CRITICAL
Shenzhen Aitemi M300 Wi-Fi Repeater - Command Injection
CVE-2025-34150 CRITICAL
Shenzhen Aitemi M300 Wi-Fi Repeater - Command Injection
CVE-2025-34149 CRITICAL
Shenzhen Aitemi M300 Wi-Fi Repeater - Command Injection
CVE-2025-34148 CRITICAL
Shenzhen Aitemi M300 MT02 - Command Injection
CVE-2025-8667 MEDIUM
SkyworkAI DeepResearchAgent <08eb7f8eb9505d0094d75bb97ff7dacc3fa3bb...
CVSS 6.3
CVE-2025-8665 MEDIUM
agno-agi agno <1.7.5 - Command Injection
CVSS 6.3
CVE-2025-22469 HIGH
CL4/6NX Plus <1.15.5-r1 - Command Injection
CVSS 7.3
CVE-2025-8655 MEDIUM
Kenwood DMX958XR - Unauthenticated Remote Code Execution via Firmware Update Process
CVSS 6.8
CVE-2025-8654 HIGH
Kenwood DMX958XR - Unauthenticated Remote Code Execution via ReadMVGImage Command Injection
CVSS 8.8
CVE-2025-8652 MEDIUM
Kenwood DMX958XR - Unauthenticated OS Command Injection via JKWifiService
CVSS 6.8
CVE-2025-8651 MEDIUM
Kenwood DMX958XR - Unauthenticated OS Command Injection via JKWifiService
CVSS 6.8
CVE-2025-8650 MEDIUM
Kenwood DMX958XR - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8649 MEDIUM
Kenwood DMX958XR - Unauthenticated OS Command Injection via JKWifiService
CVSS 6.8
CVE-2025-8648 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8647 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8646 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8645 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
CVE-2025-8644 MEDIUM
Kenwood DMX958XR Firmware - Unauthenticated OS Command Injection via Firmware Update Process
CVSS 6.8
Details
Vulnerabilities 5,967
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits