CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,969 vulnerabilities with CWE-78
CVE-2024-11065 HIGH
D-Link DSL6740C Firmware - Authenticated OS Command Injection via SSH and Telnet
CVSS 7.2
CVE-2024-11064 HIGH
D-Link DSL6740C Firmware - Authenticated OS Command Injection via SSH and Telnet
CVSS 7.2
CVE-2024-11063 HIGH
D-Link DSL6740C Firmware - Authenticated OS Command Injection via SSH and Telnet
CVSS 7.2
CVE-2024-11062 HIGH
D-Link DSL6740C Firmware - Authenticated OS Command Injection via SSH and Telnet
CVSS 7.2
CVE-2024-41992 HIGH
Wi-Fi Alliance wfa_dut <9.0.0 - Command Injection
CVSS 8.8
CVE-2024-11046 MEDIUM
D-Link DI-8003 16.07.16A1 - OS Command Injection via upgrade_filter.asp Path Parameter
CVSS 6.3
CVE-2024-50809 HIGH
SDCMS 2.8 - OS Command Injection via theme.php
CVSS 8.8
CVE-2024-45763 CRITICAL
Dell Enterprise SONiC OS 4.1.0-4.1.5 - Authenticated OS Command Injection
CVSS 9.1
CVE-2024-45765 CRITICAL
Dell Enterprise SONiC OS 4.1.0-4.1.5 - Authenticated OS Command Injection
CVSS 9.1
CVE-2024-10966 MEDIUM
TOTOLINK X18 9.1.0cu.2024_B20220329 - OS Command Injection via cstecgi.cgi enable Parameter
CVSS 6.3
CVE-2024-48954 MEDIUM
Logpoint SIEM < 7.5.0 - Authenticated Remote Code Execution via EventHub Collector Setup
CVSS 6.4
CVE-2024-10919 MEDIUM
didi Super-Jacoco 1.0 - OS Command Injection via UUID Parameter
CVSS 6.3
CVE-2024-10915 HIGH
D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L - OS Command Injection via group Parameter
CVSS 8.1
CVE-2024-10914 HIGH
D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L - OS Command Injection via cgi_user_add name Parameter
CVSS 8.1
CVE-2024-52021 HIGH
Netgear R8500 <1.0.2.160 - Command Injection
CVSS 8.0
CVE-2024-52020 HIGH
Netgear R8500 <1.0.2.160 - Command Injection
CVSS 8.0
CVE-2024-52019 HIGH
Netgear R8500 v1.0.2.160 - Command Injection
CVSS 8.0
CVE-2024-52018 HIGH
Netgear XR300 v1.0.3.78 - Command Injection
CVSS 8.0
CVE-2024-51024 HIGH
D-Link DIR-823G Firmware 1.0.2B05 - OS Command Injection via SetWanSettings HostName Parameter
CVSS 8.0
CVE-2024-51023 HIGH
D-Link DIR-823G Firmware 1.0.2B05 - OS Command Injection via Address Parameter
CVSS 8.8
CVE-2024-51021 HIGH
Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400v2 1.0.4.128 - OS Command Injection via wan_gateway Parameter
CVSS 8.0
CVE-2024-51010 HIGH
Netgear R8500/R7000P/R6400v2/XR300 - OS Command Injection via apmode_gateway
CVSS 8.0
CVE-2024-51009 HIGH
Netgear R8500 v1.0.2.160 - OS Command Injection via wan_gateway Parameter
CVSS 8.0
CVE-2024-51008 HIGH
Netgear XR300 v1.0.3.78 - OS Command Injection via system_name Parameter
CVSS 8.0
CVE-2024-51005 HIGH
Netgear R8500 Firmware 1.0.2.160 - OS Command Injection via share_name Parameter
CVSS 8.0