CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,970 vulnerabilities with CWE-78
CVE-2024-8133 MEDIUM
D-Link DNS and DNR Firmware - OS Command Injection via cgi_FMT_R5_SpareDsk_DiskMGR f_source_dev Parameter
CVSS 6.3
CVE-2024-8132 MEDIUM
D-Link DNS/NR Firmware - OS Command Injection via webdav_mgr.cgi f_path Parameter
CVSS 6.3
CVE-2024-8131 MEDIUM
D-Link DNS-120-DNS-1550-04 - Command Injection
CVSS 6.3
CVE-2024-8130 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via cgi_s3 HTTP POST Parameter
CVSS 6.3
CVE-2024-8129 MEDIUM
D-Link DNS/NR Firmware - OS Command Injection via cgi_s3_modify f_job_name Parameter
CVSS 6.3
CVE-2024-8128 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via cgi_add_zip Path Parameter
CVSS 6.3
CVE-2024-8127 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via cgi_unzip Path Parameter
CVSS 6.3
CVE-2024-8077 MEDIUM
TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 - Command Injection
CVSS 6.3
CVE-2024-8075 MEDIUM
TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 - Command Injection
CVSS 6.3
CVE-2024-7448 HIGH
Magnet Forensics AXIOM - OS Command Injection via Android Device Image Acquisition
CVSS 8.0
CVE-2024-42633 HIGH
Linksys E1500 <1.0.06.001 - Command Injection
CVSS 8.8
CVE-2024-42757 CRITICAL
Asus RT-N15U 3.0.0.4.376_3754 - Command Injection
CVSS 9.8
CVE-2024-42978 CRITICAL
Tenda FH1206 <v02.03.01.35 - Command Injection
CVSS 9.8
CVE-2024-39402 HIGH
Adobe Commerce < 2.4.3 - Authenticated OS Command Injection
CVSS 8.4
CVE-2024-39401 HIGH
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Authenticated OS Command Injection
CVSS 8.4
CVE-2024-7728 HIGH
CAYIN Technology CMS - Command Injection
CVSS 7.2
CVE-2024-42740 MEDIUM
TOTOLINK X5000r <9.1.0cu.2350_b20230313 - Command Injection
CVSS 6.8
CVE-2024-42739 HIGH
TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection
CVSS 8.8
CVE-2024-42738 HIGH
TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection
CVSS 8.8
CVE-2024-42737 HIGH
TOTOLINK X5000r <9.1.0cu.2350_b20230313 - Command Injection
CVSS 8.8
CVE-2024-42736 HIGH
TOTOLINK X5000r <9.1.0cu.2350_b20230313 - Command Injection
CVSS 7.8
CVE-2024-42748 HIGH
TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection
CVSS 8.8
CVE-2024-42747 HIGH
TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection
CVSS 8.8
CVE-2024-42745 HIGH
TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection
CVSS 8.8
CVE-2024-42744 HIGH
TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection
CVSS 8.8
Details
Vulnerabilities 5,970
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits