CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,970 vulnerabilities with CWE-78
CVE-2024-42503 HIGH
Aruba OS <= 10.6.0.2 Authenticated OS Command Injection via CLI
CVSS 7.2
CVE-2024-42502 HIGH
Aruba OS <= 10.6.0.2, <= 10.6.0.0, <= 10.4.0.0, <= 8.12.0.0, <= 8.12.0.1 - Authenticated OS Command Injection
CVSS 7.2
CVE-2024-45698 CRITICAL
D-Link DIR-X4860 Firmware - Unauthenticated OS Command Injection via Telnet Service
CVSS 9.8
CVE-2024-8869 MEDIUM
TOTOLINK A720R 4.1.5 - OS Command Injection via exportOvpn Function
CVSS 5.0
CVE-2024-8281 HIGH
Lenovo XCC - Authenticated OS Command Injection via SSH Captive Shell
CVSS 7.2
CVE-2024-8280 HIGH
Lenovo XCC - Authenticated OS Command Injection via Crafted File
CVSS 7.2
CVE-2024-8279 HIGH
Lenovo ThinkAgile XCC - Authenticated OS Command Injection via File Upload
CVSS 7.2
CVE-2024-8278 HIGH
Lenovo ThinkAgile XCC - Authenticated OS Command Injection via IPMI Commands
CVSS 7.2
CVE-2024-8686 HIGH
Palo Alto Networks PAN-OS - Command Injection
CVSS 7.2
CVE-2024-20483 HIGH
Cisco Routed PON Controller Software - Command Injection
CVSS 7.2
CVE-2024-20398 HIGH
Cisco IOS XR - Privilege Escalation
CVSS 8.8
CVE-2024-6091 CRITICAL
agpt autogpt_classic - OS Command Injection via Denylist Bypass
CVSS 9.8
CVE-2024-8190 HIGH KEV
Ivanti Cloud Services Appliance <4.6.518 - Command Injection
CVSS 7.2
CVE-2024-8504 HIGH
VICIdial Agent Interface - Authenticated Root Command Execution
CVSS 8.8
CVE-2024-7699 HIGH
Phoenix Contact mGuard RS/FL Series VPN Firmware < 8.9.3 - Remote Code Execution via OS Command Injection
CVSS 8.8
CVE-2024-43387 HIGH
Phoenix Contact mGuard Firmware < 8.9.3 - Authenticated Arbitrary File Read and Write via EMAIL_RELAY_PASSWORD
CVSS 8.8
CVE-2024-43386 HIGH
Phoenix Contact mGuard RS/FL Series < 8.9.3 - Authenticated OS Command Injection via EMAIL_NOTIFICATION.TO Variable
CVSS 8.8
CVE-2024-43385 HIGH
Phoenix Contact mGuard Firmware < 8.9.3 - Authenticated OS Command Injection via PROXY_HTTP_PORT
CVSS 8.8
CVE-2024-44072 MEDIUM
BUFFALO Wireless LAN - Command Injection
CVSS 5.7
CVE-2024-6342 CRITICAL
Zyxel NAS326 and NAS542 Firmware - Unauthenticated OS Command Injection via Export-CGI
CVSS 9.8
CVE-2024-44333 HIGH
D-Link DI Routers usb_paswd.asp - Remote Command Execution
CVSS 8.8
CVE-2024-8574 MEDIUM
TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 - Command Injection
CVSS 6.3
CVE-2024-44845 HIGH
DrayTek Vigor3900 <1.5.1.6 - Command Injection
CVSS 8.8
CVE-2024-44844 HIGH
DrayTek Vigor3900 <1.5.1.6 - Command Injection
CVSS 8.8
CVE-2024-38641 HIGH
QNAP QTS and QuTS hero < 5.1.8.2823 - OS Command Injection
CVSS 7.8