CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,945 vulnerabilities with CWE-78
CVE-2026-9513
MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection
CVSS 6.3
CVE-2026-9512
MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi setPasswordCfg os command injection
CVSS 6.3
CVE-2026-9511
MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi setWebWlanIdx os command injection
CVSS 6.3
CVE-2026-9478
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setParentalRules os command injection
CVSS 9.8
CVE-2026-9477
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setAccessDeviceCfg os command injection
CVSS 9.8
CVE-2026-9476
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setPasswordCfg os command injection
CVSS 9.8
CVE-2026-9475
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setIpQosRules os command injection
CVSS 9.8
CVE-2026-9458
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setWanCfg os command injection
CVSS 9.8
CVE-2026-9457
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection
CVSS 9.8
CVE-2026-9456
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCfg os command injection
CVSS 9.8
CVE-2026-9455
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi UploadOpenVpnCert os command injection
CVSS 9.8
CVE-2026-9454
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCertGenerationCfg os command injection
CVSS 9.8
CVE-2026-9452
HIGH
FoundDream miniclawd exec.ts ExecTool.execute os command injection
CVSS 7.3
CVE-2026-9437
MEDIUM
DTStack Taier REST API Runtime.exec os command injection
CVSS 6.3
CVE-2026-9436
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg os command injection
CVSS 9.8
CVE-2026-9435
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setQosCfg os command injection
CVSS 9.8
CVE-2026-9434
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setWiFiWpsCfg os command injection
CVSS 9.8
CVE-2026-9433
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setMacFilterRules os command injection
CVSS 9.8
CVE-2026-9432
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection
CVSS 9.8
CVE-2026-9424
MEDIUM
Edimax EW-7438RPn Content-Type formWlanMP os command injection
CVSS 6.3
CVE-2026-8652
HIGH
NEC Platforms, Ltd. Aterm MR51FN - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-9408
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setStaticDhcpRules os command injection
CVSS 9.8
CVE-2026-9407
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setFirewallType os command injection
CVSS 9.8
CVE-2026-9406
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setRemoteCfg os command injection
CVSS 9.8
CVE-2026-9405
CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setGameSpeedCfg os command injection
CVSS 9.8
Details
Vulnerabilities
5,945
Exploit Likelihood
High