CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,973 vulnerabilities with CWE-78
CVE-2024-5336 MEDIUM
Ruijie RG-UAC <20240516 - Code Injection
CVSS 4.7
CVE-2024-5297 HIGH
D-Link D-View 8 - Unauthenticated Remote Code Execution via executeWmicCmd
CVSS 8.8
CVE-2024-5295 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated OS Command Injection via flupl self Parameter
CVSS 8.8
CVE-2024-5291 HIGH
D-Link DIR-2150 Firmware - Unauthenticated Remote Code Execution via GetDeviceSettings SOAP API
CVSS 8.8
CVE-2024-5227 HIGH
TP-Link Omada ER605 Firmware - Unauthenticated Remote Code Execution via PPTP VPN Username Parameter
CVSS 7.5
CVE-2024-31843 MEDIUM
Italtel Embrace <1.6.4 - Command Injection
CVSS 4.1
CVE-2024-5241 MEDIUM
Huashi Private Cloud CDN <20240520 - Command Injection
CVSS 4.7
CVE-2024-33529 HIGH
ILIAS 7-7.29, 8-8.10, 9.0 - Authenticated OS Command Injection via File Upload
CVSS 7.2
CVE-2024-0401 HIGH
ASUS ExpertWiFi and RT Series < 3.0.0.6.102_44544 - Authenticated Remote Code Execution via Crafted OVPN Profile
CVSS 7.2
CVE-2024-20326 HIGH
Cisco ConfD/Crosswork - Privilege Escalation
CVSS 7.8
CVE-2024-30314 HIGH
Dreamweaver < 21.4 - OS Command Injection
CVSS 7.8
CVE-2024-3126 HIGH
parisneo/lollms-webui - Command Injection
CVSS 8.4
CVE-2024-4965 MEDIUM
D-Link DAR-7000-40 - OS Command Injection
CVSS 6.3
CVE-2024-31482 MEDIUM
ArubaOS 10.3.0.0-10.4.1.0 & InstantOS 6.4.0.0-8.6.0.23 - DoS via PAPI ANSI Escape Code
CVSS 5.3
CVE-2024-31481 MEDIUM
ArubaOS 10.3.0.0-10.4.1.0 and InstantOS 6.4.0.0-8.6.0.23 - Unauthenticated Denial of Service via PAPI CLI Service
CVSS 5.3
CVE-2024-31480 MEDIUM
ArubaOS 10.3.0.0-10.4.1.0 and InstantOS 6.4.0.0-8.6.0.23 - Unauthenticated Denial of Service via PAPI CLI Service
CVSS 5.3
CVE-2024-31479 MEDIUM
ArubaOS 10.3.0.0-10.4.1.0 and InstantOS 6.4.0.0-8.6.0.23 - Unauthenticated Denial of Service via PAPI Protocol
CVSS 5.3
CVE-2024-31478 MEDIUM
ArubaOS 10.3.0.0-10.4.1.0 and InstantOS 6.4.0.0-8.6.0.23 - Unauthenticated Denial of Service via PAPI Protocol
CVSS 5.3
CVE-2024-31477 HIGH
ArubaOS 10.3.0.0-10.4.1.0 and InstantOS 6.4.0.0-8.6.0.23 - Authenticated OS Command Injection via CLI
CVSS 7.2
CVE-2024-31476 HIGH
ArubaOS 10.3.0.0-10.4.1.0 and InstantOS 6.4.0.0-8.6.0.23 - Authenticated OS Command Injection via CLI
CVSS 7.2
CVE-2024-31473 CRITICAL
ArubaOS 10.3.0.0-10.4.1.0 and InstantOS 6.4.0.0-8.6.0.23 - Unauthenticated Remote Code Execution via PAPI UDP Port
CVSS 9.8
CVE-2024-31472 CRITICAL
ArubaOS 10.3.0.0-10.4.1.0 and InstantOS 6.4.0.0-8.6.0.23 - Unauthenticated Remote Code Execution via PAPI UDP Port
CVSS 9.8
CVE-2024-31471 CRITICAL
ArubaOS 10.3.0.0-10.4.1.0 and InstantOS 6.4.0.0-8.6.0.23 - Unauthenticated Remote Code Execution via PAPI UDP Port
CVSS 9.8
CVE-2024-32351 HIGH
TOTOLINK X5000R - Authenticated RCE
CVSS 8.8
CVE-2024-1628 HIGH
GE HealthCare ultrasound devices - Command Injection
CVSS 8.4