CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,970 vulnerabilities with CWE-78
CVE-2024-41315 MEDIUM
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter in apcli_do_enr_pin_wps
CVSS 6.8
CVE-2024-41314 MEDIUM
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via iface Parameter in vif_disable Function
CVSS 6.8
CVE-2024-37391 HIGH
ProtonVPN < 3.2.10 - OS Command Injection via Drive Installer Path
CVSS 7.8
CVE-2024-37066 MEDIUM
Wyze Cam V4 Firmware < 4.52.4.9887 - OS Command Injection via Bluetooth Setup
CVSS 6.8
CVE-2024-34013 HIGH
Acronis True Image <41396 - Command Injection
CVSS 7.8
CVE-2024-40641 HIGH
Nuclei < 3.3.0 - OS Command Injection via Code Template Execution
CVSS 7.4
CVE-2024-36491 CRITICAL
FutureNet NXR/WXR/VXR - RCE/Info Disclosure/DoS
CVSS 9.8
CVE-2024-36475 HIGH
FutureNet NXR/VXR/WXR - Authenticated OS Command Execution via Debug Function
CVSS 8.8
CVE-2024-39524 HIGH
Junos OS Evolved Authenticated Privilege Escalation via CLI Command Parameter Injection
CVSS 7.8
CVE-2024-39523 HIGH
Junos OS Evolved Authenticated Privilege Escalation via CLI Command Injection
CVSS 7.8
CVE-2024-39522 HIGH
Juniper Junos OS Evolved < 22.3R2-EVO, < 22.4R1-S1-EVO, < 22.4R2-EVO - Privilege Escalation via CLI Command Injection
CVSS 7.8
CVE-2024-39521 HIGH
Juniper Junos OS Evolved < 21.2 - OS Command Injection
CVSS 7.8
CVE-2024-39520 HIGH
Junos OS Evolved Privilege Escalation to Root via CLI Command Injection
CVSS 7.8
CVE-2024-3799 HIGH
Phoniebox < 2.7 - OS Command Injection via POST Header Parameter
CVE-2024-3798 HIGH
Phoniebox <=2.7 - Command Execution via file GET Parameter
CVE-2024-28750 HIGH
Unknown Product <Version> - Command Injection
CVSS 7.2
CVE-2024-28749 HIGH
Unknown Product <Version> - Command Injection
CVSS 7.2
CVE-2024-28748 HIGH
Product <Version - Command Injection
CVSS 7.2
CVE-2024-39202 HIGH
D-Link DIR-823X AX3000 Firmware 240126 - Remote Code Execution via dhcpd_startip Parameter
CVSS 8.8
CVE-2024-39943 CRITICAL
rejetto HFS < 0.52.10 - Authenticated OS Command Injection via df Command Execution
CVSS 9.9
CVE-2024-39935 HIGH
jc21 NGINX Proxy Manager < 2.11.3 - Authenticated OS Command Injection via DNS Provider Configuration
CVSS 8.8
CVE-2024-6507 HIGH
Deep Lake - OS Command Injection via Kaggle Dataset Ingestion
CVSS 8.1
CVE-2024-38471 MEDIUM
TP-LINK Archer AX3000, AXE75, AX5400, and Air R5 - Authenticated OS Command Injection via Backup File Restore
CVSS 6.8
CVE-2024-32937 HIGH
Grandstream GXP2135 Firmware 1.0.9.129, 1.0.11.74, 1.0.11.79 - OS Command Injection via CWMP SelfDefinedTimeZone
CVSS 8.1
CVE-2024-5672 HIGH
Helmholz REX 100 and Red Lion Europe mbNET.mini <= 2.2.11 - Command Injection
CVSS 7.2