CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2024-13892 HIGH
Smartwares cameras - Command Injection
CVE-2024-5461 HIGH
Broadcom Fabric Operating System < 8.2.3e1 - Authenticated OS Command Injection via SNMP system.sh Calls
CVSS 8.0
CVE-2024-55904 HIGH
IBM DevOps Deploy 8.0.0.0-8.0.1.4 and UrbanCode Deploy 7.0.0.0-7.0.5.25 - Authenticated OS Command Injection
CVSS 7.2
CVE-2024-50569 MEDIUM
FortiWeb 7.0.0-7.6.0 - OS Command Injection
CVSS 6.6
CVE-2024-50567 HIGH
FortiWeb 7.4.0-7.6.0 - OS Command Injection via Crafted Input
CVSS 7.2
CVE-2024-40584 HIGH
Fortinet FortiAnalyzer <7.4.3 - OS Command Injection
CVSS 7.2
CVE-2024-47908 CRITICAL
Ivanti Cloud Services Appliance < 5.0.5 - Authenticated Remote Code Execution via Admin Web Console
CVSS 9.1
CVE-2024-8684 HIGH
Revolution Pi <2022-07-28-revpi-buster - Command Injection
CVSS 8.3
CVE-2024-57357 HIGH
TP-Link TL-WPA8630 Firmware 2.0.4 - Remote Code Execution via Command Injection in 'devpwd' Parameter
CVSS 8.0
CVE-2024-51450 CRITICAL
IBM Security Verify Directory 10.0.0-10.0.3 - Authenticated OS Command Injection
CVSS 9.1
CVE-2024-56132 HIGH
Progress LoadMaster 7.2.48.12-7.2.60.1 - Authenticated OS Command Injection
CVSS 8.4
CVE-2024-23690 HIGH
Netgear FVS336Gv2-3 - Command Injection
CVSS 7.2
CVE-2024-40891 HIGH KEV
Zyxel VMG4325-B10A - Command Injection
CVSS 8.8
CVE-2024-40890 HIGH KEV
Zyxel VMG4325-B10A - Command Injection
CVSS 8.8
CVE-2024-53942 MEDIUM
NRadio N8-180 NROS-1.9.2.n3.c5 - Command Injection
CVSS 4.8
CVE-2024-53584 CRITICAL
OpenPanel v0.3.4 - OS Command Injection via Timezone Parameter
CVSS 9.8
CVE-2024-57595 CRITICAL
DLink DIR-825 REVB 2.03 - Command Injection
CVSS 9.8
CVE-2024-57542 HIGH
Linksys E8450 v1.2.00.360516 - OS Command Injection via id_email_check_btn Field
CVSS 8.8
CVE-2024-13502 CRITICAL
Newtec/iDirect NTC2218-NTC2299 - OS Command Injection
CVE-2024-57025 MEDIUM
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
CVSS 6.8
CVE-2024-57024 MEDIUM
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
CVSS 6.8
CVE-2024-57023 MEDIUM
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
CVSS 6.8
CVE-2024-57022 HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
CVSS 8.8
CVE-2024-57021 HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
CVSS 8.8
CVE-2024-57020 HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
CVSS 8.8