CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-6899 MEDIUM
D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1 - OS Command Injection via msp_info.htm flag/cmd/iface Parameter
CVSS 6.3
CVE-2025-6898 MEDIUM
D-Link DI-7300G+ 19.12.25A1 - OS Command Injection via proxy_client.asp
CVSS 6.3
CVE-2025-6897 MEDIUM
D-Link DI-7300G+ 19.12.25A1 - OS Command Injection via Time Parameter in httpd_debug.asp
CVSS 5.5
CVE-2025-6896 MEDIUM
D-Link DI-7300G+ 19.12.25A1 - OS Command Injection via wget_test.asp URL Parameter
CVSS 6.3
CVE-2025-36529 HIGH
TB-eye Network/AHD Recorders - Command Injection
CVSS 7.2
CVE-2025-34049 CRITICAL
OptiLink ONT1GEW GPON <V2.1.11_X101 Build 1127.190306 - Command Inj...
CVE-2025-34044 CRITICAL
WIFISKY 7-layer Flow Control Router - Command Injection
CVE-2025-34043 CRITICAL
Vacron NVR v1.4 - Command Injection
CVE-2025-34042 CRITICAL
Beward N100 IP Camera M2.1.6.04C014 - Command Injection
CVE-2025-52573 MEDIUM
ios-simulator-mcp < 1.3.3 - OS Command Injection via ui_tap Tool
CVSS 6.0
CVE-2025-6562 HIGH
Hunt Electronic Hybrid DVR - Command Injection
CVSS 8.8
CVE-2025-5459 HIGH
Puppet Enterprise <2023.8.3, <2025.3 - Command Injection
CVSS 8.8
CVE-2025-6621 MEDIUM
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via QuickSetting hour/minute Parameter
CVSS 6.3
CVE-2025-6620 MEDIUM
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via setUpgradeUboot FileName Parameter
CVSS 6.3
CVE-2025-6619 MEDIUM
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via setUpgradeFW FileName Parameter
CVSS 6.3
CVE-2025-6618 MEDIUM
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via SetWLanApcliSettings PIN Parameter
CVSS 6.3
CVE-2025-48890 CRITICAL
WRH-733GBK and WRH-733GWH - Command Injection
CVSS 9.8
CVE-2025-43879 CRITICAL
WRH-733GBK and WRH-733GWH - Command Injection
CVSS 9.8
CVE-2025-41427 HIGH
WRC-X3000GS, WRC-X3000GSA, WRC-X3000GSN - Command Injection
CVSS 8.8
CVE-2025-6559 CRITICAL
Sapido Wireless Router - Command Injection
CVSS 9.8
CVE-2025-34041 CRITICAL
Sangfor EDR <3.2.19 - Command Injection
CVE-2025-34037 CRITICAL
Linksys E-Series - Command Injection
CVE-2025-34036 CRITICAL
TVT White-Labeled DVR - Command Injection
CVSS 9.8
CVE-2025-34035 CRITICAL
EnGenius EnShare Cloud Service <1.4.11 - Command Injection
CVSS 9.8
CVE-2025-34033 HIGH
Blue Angel Software Suite - Command Injection
CVSS 8.8