CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,970 vulnerabilities with CWE-78
CVE-2024-21906 MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 4.7
CVE-2024-21903 MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 6.6
CVE-2024-21898 HIGH
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 8.8
CVE-2024-8517 CRITICAL
SPIP <4.3.2-4.1.18 - Command Injection
CVSS 9.8
CVE-2024-7591 CRITICAL
Kemp LoadMaster 7.2.40.0-7.2.59.9 and Multi-Tenant Hypervisor Firmware 7.1.35.4-7.1.35.10 - OS Command Injection
CVSS 10.0
CVE-2024-20469 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Commands
CVSS 6.0
CVE-2024-43405 HIGH
Nuclei 3.0.0-3.3.1 - OS Command Injection via Template Signature Verification Bypass
CVSS 7.4
CVE-2024-43402 HIGH
Rust < 1.81.0 - OS Command Injection via Batch File Name Trailing Whitespace or Periods
CVSS 8.1
CVE-2024-7261 CRITICAL
Zyxel NWA/WAC/WAX/WBE/USG LITE Firmware - Unauthenticated OS Command Injection via Host Parameter
CVSS 9.8
CVE-2024-7203 HIGH
Zyxel ZLD 4.60-5.38 - Authenticated OS Command Injection via CLI Command
CVSS 7.2
CVE-2024-42060 HIGH
Zyxel ZLD 4.32-5.38 - Authenticated OS Command Injection via Crafted Internal User Agreement File
CVSS 7.2
CVE-2024-42059 HIGH
Zyxel ATP/USG FLEX/USG20-W VPN 5.00-5.38 - Authenticated OS Command Injection via FTP Language File Upload
CVSS 7.2
CVE-2024-42057 HIGH
Zyxel ATP/USG FLEX/USG20-W VPN 4.32-5.38 - Unauthenticated OS Command Injection via Long Username
CVSS 8.1
CVE-2024-8234 HIGH
Zyxel NWA1100-N <1.00(AACE.1)C0 - Command Injection
CVSS 7.5
CVE-2024-43804 HIGH
Roxy-WI - Authenticated OS Command Injection via Port Scanning Functionality
CVSS 8.8
CVE-2024-20289 MEDIUM
Cisco NX-OS Software - Command Injection
CVSS 4.4
CVE-2024-8214 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via cgi_FMT_Std2R5_2nd_DiskMGR f_source_dev Parameter
CVSS 6.3
CVE-2024-8213 MEDIUM
D-Link DNS and DNR Series Firmware - OS Command Injection via cgi_FMT_R12R5_1st_DiskMGR f_source_dev Parameter
CVSS 6.3
CVE-2024-8211 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via cgi_FMT_Std2R1_DiskMGR f_newly_dev Parameter
CVSS 6.3
CVE-2024-8210 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via hd_config.cgi f_mount Parameter
CVSS 6.3
CVE-2024-44342 CRITICAL
D-Link DIR-846W A1 FW100A43 - Remote Code Execution via wl(0).(0)_ssid Parameter
CVSS 9.8
CVE-2024-44341 CRITICAL
D-Link DIR-846W A1 FW100A43 - Remote Code Execution via lan(0)_dhcps_staticlist Parameter
CVSS 9.8
CVE-2024-44340 HIGH
D-Link DIR-846W A1 FW100A43 - Remote Code Execution via SetSmartQoSSettings Parameters
CVSS 8.8
CVE-2024-41622 CRITICAL
D-Link DIR-846W A1 FW100A43 - Remote Code Execution via Tomography Ping Address Parameter
CVSS 9.8
CVE-2024-8134 MEDIUM
D-Link DNS/NR Firmware - OS Command Injection via cgi_FMT_Std2R5_1st_DiskMGR f_source_dev Parameter
CVSS 6.3