CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,969 vulnerabilities with CWE-78
CVE-2024-45251
CRITICAL
Elsight Halo 11.7.1.5 - OS Command Injection
CVSS 9.8
CVE-2024-9054
HIGH
Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - OS Command Injection in Configuration Modules
CVSS 8.8
CVE-2024-46486
HIGH
TP-LINK TL-WDR5620 v2.3 - Remote Code Execution via httpProcDataSrv Function
CVSS 8.0
CVE-2024-46658
HIGH
Syrotech SY-GOPON-8OLT-L3 <1.6.0_240629 - Command Injection
CVSS 8.0
CVE-2024-41585
MEDIUM
DrayTek Vigor3910 Firmware < 4.3.2.6 - OS Command Injection via recvCmd Binary
CVSS 6.8
CVE-2024-45519
CRITICAL
KEV
Zimbra Collaboration <8.8.15-9.0.0-10.0.9-10.1.1 - Command Injection
CVSS 10.0
CVE-2024-9441
CRITICAL
Linear eMerge e3-Series <1.00-07 - Command Injection
CVSS 9.8
CVE-2024-47608
CRITICAL
Logicytics < 2.3.1 - OS Command Injection
CVSS 9.8
CVE-2024-21531
MEDIUM
git-shallow-clone - OS Command Injection via Process Variable
CVSS 5.3
CVE-2024-23961
MEDIUM
Alpine Halo9 ilx-f509_firmware - Unauthenticated Remote Code Execution via UPDM_wemCmdUpdFSpeDecomp Command Injection
CVSS 6.8
CVE-2024-23924
MEDIUM
Alpine Halo9 ilx-f509_firmware - Unauthenticated Remote Code Execution via UPDM_wemCmdCreatSHA256Hash Command Injection
CVSS 6.8
CVE-2024-33368
HIGH
Plasmoapp RPShare Fabric mod 1.0.0 - Remote Code Execution via DownloadPromptScreen Build Method
CVSS 8.8
CVE-2024-46628
CRITICAL
Tenda G3 Router Firmware 15.03.05.05 - Remote Code Execution via usbPartitionName Parameter
CVSS 9.8
CVE-2024-9166
CRITICAL
Atemio AM 520 HD Full HD Satellite Receiver < TitanNit 2.01 - Unauthenticated OS Command Injection via getcommand Query
CVE-2024-46330
HIGH
VONETS VAP11G-300 v3.3.23.6.9 - OS Command Injection via iptablesWebsFilterRun Object
CVSS 7.4
CVE-2024-46329
HIGH
VONETS VAP11G-300 v3.3.23.6.9 - OS Command Injection via SystemCommand Object
CVSS 8.0
CVE-2024-44678
HIGH
Gigastone TR1 Travel Router R101 v1.0.2 - Command Injection
CVSS 8.0
CVE-2024-9076
MEDIUM
dedecms < 5.7.115 - OS Command Injection via article_string_mix.php
CVSS 4.7
CVE-2024-9004
MEDIUM
D-Link DAR-7000 Firmware < 2024-09-12 - OS Command Injection via Backup_Server_commit.php Host Parameter
CVSS 6.3
CVE-2024-9001
MEDIUM
TOTOLINK T10 4.1.8cu.5207 - OS Command Injection via setTracerouteCfg
CVSS 6.3
CVE-2024-43778
HIGH
TAKENAKA ENGINEERING CO., LTD. - Command Injection
CVSS 8.8
CVE-2024-8957
HIGH
KEV
PTZOptics PT30X-SDI/NDI-xx < 6.3.40 - Unauthenticated OS Command Injection via NTP Address Configuration
CVSS 7.2
CVE-2024-45798
CRITICAL
arduino-esp32 - Poisoned Pipeline Execution via tests_results.yml Workflow
CVSS 9.9
CVE-2024-45682
HIGH
Millbeck Proroute H685T-W Firmware - OS Command Injection
CVSS 8.8
CVE-2024-42503
HIGH
Aruba OS <= 10.6.0.2 Authenticated OS Command Injection via CLI
CVSS 7.2
Details
Vulnerabilities: 5,969
Exploit Likelihood: High