CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,969 vulnerabilities with CWE-78
CVE-2024-50993
HIGH
Netgear R8500 v1.0.2.160 - OS Command Injection via sysNewPasswd Parameter
CVSS 8.0
CVE-2024-45893
HIGH
DrayTek Vigor3900 1.5.1.3 - Authenticated OS Command Injection via action Parameter
CVSS 8.0
CVE-2024-45891
HIGH
DrayTek Vigor3900 1.5.1.3 - Authenticated OS Command Injection via delete_wlan_profile Action Parameter
CVSS 8.0
CVE-2024-45890
HIGH
DrayTek Vigor3900 1.5.1.3 - Authenticated OS Command Injection via action Parameter
CVSS 8.0
CVE-2024-45889
HIGH
DrayTek Vigor3900 1.5.1.3 - Authenticated OS Command Injection via action parameter
CVSS 8.0
CVE-2024-45888
HIGH
DrayTek Vigor3900 1.5.1.3 - OS Command Injection via action Parameter in mainfunction.cgi
CVSS 8.0
CVE-2024-45887
HIGH
DrayTek Vigor3900 1.5.1.3 - Authenticated OS Command Injection via mainfunction.cgi action Parameter
CVSS 8.0
CVE-2024-45885
HIGH
DrayTek Vigor3900 1.5.1.3 - Authenticated OS Command Injection via action Parameter
CVSS 8.0
CVE-2024-45884
HIGH
DrayTek Vigor3900 1.5.1.3 - Authenticated OS Command Injection via action Parameter
CVSS 8.0
CVE-2024-45882
HIGH
DrayTek Vigor3900 1.5.1.3 - OS Command Injection via action Parameter in mainfunction.cgi
CVSS 8.0
CVE-2024-51253
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi doL2TP Function
CVSS 8.0
CVE-2024-51251
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi Backup Function
CVSS 8.0
CVE-2024-51249
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi Reboot Function
CVSS 8.0
CVE-2024-51246
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi doPPTP Function
CVSS 8.0
CVE-2024-10035
CRITICAL
BG-TEK CoslatV3 < 3.1069 - OS Command Injection
CVSS 9.8
CVE-2024-51661
CRITICAL
Media Library Assistant <3.19 - Command Injection
CVSS 9.1
CVE-2024-51252
CRITICAL
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi Restore Function
CVSS 9.8
CVE-2024-51248
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi modifyrow Function
CVSS 8.8
CVE-2024-51247
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi doPPPo Function
CVSS 8.8
CVE-2024-51245
HIGH
DrayTek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi rename_table
CVSS 8.8
CVE-2024-51244
HIGH
Draytek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi doIPSec Parameter
CVSS 8.8
CVE-2024-10653
HIGH
CHANGING Information Technology IDExpert 2.5-2.8 - Authenticated OS Command Injection
CVSS 7.2
CVE-2024-8934
MEDIUM
TwinCAT Package Manager < 1.0.603.0 - Authenticated OS Command Injection via UI Settings
CVSS 6.5
CVE-2024-36060
HIGH
EnGenius EnStation5-AC - Command Injection
CVSS 8.8
CVE-2024-51568
CRITICAL
CyberPanel <2.3.5 - Command Injection
CVSS 10.0
Details
Vulnerabilities
5,969
Exploit Likelihood
High