CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,974 vulnerabilities with CWE-78
CVE-2024-0166 HIGH
Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated OS Command Injection via svc_tcpdump Utility
CVSS 7.8
CVE-2024-0165 HIGH
Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated OS Command Injection via svc_acldb_dump Utility
CVSS 7.8
CVE-2024-0164 HIGH
Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated OS Command Injection via svc_topstats Utility
CVSS 7.8
CVE-2024-22836 CRITICAL
Akaunting <3.1.3 - Command Injection
CVSS 9.8
CVE-2024-24091 CRITICAL
Yealink Meeting Server < 26.0.0.66 - OS Command Injection via File Upload Interface
CVSS 9.8
CVE-2024-23109 CRITICAL
FortiSIEM - OS Command Injection via Crafted API Requests
CVSS 10.0
CVE-2024-23108 CRITICAL
Fortinet FortiSIEM - OS Command Injection
CVSS 10.0
CVE-2024-1115 HIGH
openBI < 1.0.8 - OS Command Injection via phpPath Argument in Setting.php
CVSS 7.3
CVE-2024-24333 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setWiFiAclRules desc Parameter
CVSS 9.8
CVE-2024-24332 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setUrlFilterRules URL Parameter
CVSS 9.8
CVE-2024-24331 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setWiFiScheduleCfg enable Parameter
CVSS 9.8
CVE-2024-24330 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setRemoteCfg Port or Enable Parameter
CVSS 9.8
CVE-2024-24329 CRITICAL
TotoLink Router setPortForwardRules - Command Injection
CVSS 9.8
CVE-2024-24328 CRITICAL
TotoLink Router setMacFilterRules - Command Injection
CVSS 9.8
CVE-2024-24327 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via pppoePass Parameter
CVSS 9.8
CVE-2024-24326 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via arpEnable Parameter
CVSS 9.8
CVE-2024-24325 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - OS Command Injection via setParentalRules enable Parameter
CVSS 9.8
CVE-2024-0986 MEDIUM
Issabel PBX 4.0.0 - Command Injection
CVSS 4.7
CVE-2024-0921 MEDIUM
D-Link DIR-816 A2 1.10CNB04 - Code Injection
CVSS 4.7
CVE-2024-0918 HIGH
TRENDnet TEW-800MB 1.0.1.0 - Code Injection
CVSS 7.2
CVE-2024-22372 MEDIUM
ELECOM Wireless LAN Routers - Command Injection
CVSS 6.8
CVE-2024-22366 MEDIUM
Yamaha Wireless LAN Access Point - RCE
CVSS 6.8
CVE-2024-0778 HIGH
Uniview ISC 2500-S <20210930 - Code Injection
CVSS 8.0
CVE-2024-0714 MEDIUM
MiczFlor RPi-Jukebox-RFID <2.5.0 - Command Injection
CVSS 6.3
CVE-2024-20277 MEDIUM
Cisco ThousandEyes Enterprise Agent - Command Injection
CVSS 6.8