CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,969 vulnerabilities with CWE-78
CVE-2024-48633 HIGH
D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via SetVirtualServerSettings Parameters
CVSS 8.0
CVE-2024-48632 HIGH
D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via SetPortForwardingSettings Parameters
CVSS 8.0
CVE-2024-48631 HIGH
D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via SetWLanRadioSettings SSID Parameter
CVSS 8.0
CVE-2024-48630 HIGH
D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via SetMACFilters2 MacAddress Parameter
CVSS 8.0
CVE-2024-48629 HIGH
D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via IPAddress Parameter
CVSS 8.0
CVE-2024-6333 HIGH
Xerox AltaLink VersaLink and WorkCentre - Authenticated Remote Code Execution
CVSS 7.2
CVE-2024-20461 MEDIUM
Cisco ATA 190 Series - Command Injection
CVSS 6.0
CVE-2024-20459 MEDIUM
Cisco ATA 190 - Privilege Escalation
CVSS 6.5
CVE-2024-20458 HIGH
Cisco ATA 190 Series - Info Disclosure
CVSS 8.2
CVE-2024-22033 MEDIUM
SUSE Package Hub 15 SP5 < 0.2.1-bp155.3.3.1 - OS Command Injection via obs-service-download_url Configuration
CVSS 6.3
CVE-2024-9977 MEDIUM
MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26 - Command Injection
CVSS 4.7
CVE-2024-35519 HIGH
Netgear EX3700 < 1.0.0.96, EX6100 < 1.0.2.28, EX6120 < 1.0.0.68 - OS Command Injection via ap_mode Parameter
CVSS 8.4
CVE-2024-9139 HIGH
Product <Version - Command Injection
CVSS 7.2
CVE-2024-9916 HIGH
Usualtoolcms - OS Command Injection
CVSS 7.3
CVE-2024-8755 HIGH
LoadMaster < 7.2.60.1 - OS Command Injection
CVSS 8.4
CVE-2024-9793 MEDIUM
Tenda AC1206 <= 15.03.06.23 - OS Command Injection via ate_iwpriv_set/ate_ifconfig_set
CVSS 6.3
CVE-2024-9464 MEDIUM
Palo Alto Networks Expedition 1.2.0-1.2.95 - Authenticated OS Command Injection
CVSS 6.5
CVE-2024-9463 HIGH KEV
Palo Alto Networks Expedition 1.2.0-1.2.95 - Unauthenticated OS Command Injection
CVSS 7.5
CVE-2024-46316 HIGH
DrayTek Vigor3900 v1.5.1.6 - OS Command Injection via /cgi-bin/mainfunction.cgi
CVSS 8.0
CVE-2024-45720 HIGH
Apache Subversion <= 1.14.3 - OS Command Injection via Windows Command Line Argument Encoding
CVSS 8.2
CVE-2024-9380 HIGH KEV
Ivanti Endpoint Manager Cloud Services Appliance < 5.0.2 - Authenticated Remote Code Execution via Admin Web Console
CVSS 7.2
CVE-2024-45880 HIGH
Motorola CX2L < 1.0.2 - Command Injection
CVSS 8.0
CVE-2024-21532 HIGH
ggit - OS Command Injection via fetchTags API
CVSS 7.3
CVE-2024-8926 HIGH
PHP 8.1.0-8.1.29 - OS Command Injection via Windows Codepage Configuration Bypass
CVSS 8.1
CVE-2024-45252 CRITICAL
Elsight Halo 11.7.1.5 - OS Command Injection
CVSS 9.8