CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,978 vulnerabilities with CWE-78
CVE-2023-3939 CRITICAL
ZkTeco-based OEM devices - Command Injection
CVSS 10.0
CVE-2023-6321 HIGH
OwletCare Cam and ThroughTek Kalay Platform - Command Injection
CVSS 7.2
CVE-2023-47709 CRITICAL
IBM Security Guardium 11.3-12.0 - Authenticated OS Command Injection
CVSS 9.1
CVE-2023-37407 HIGH
IBM Aspera Orchestrator 4.0.1 - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-51625 HIGH
D-Link DCS-8300LHV2 - Command Injection
CVSS 8.0
CVE-2023-51585 HIGH
Voltronic Power ViewPower Pro - Command Injection
CVSS 8.8
CVE-2023-50217 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via awsfile rm Command Injection
CVSS 8.8
CVE-2023-50216 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via HTTP Service
CVSS 8.8
CVE-2023-50215 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via Node-RED GZ File Handling
CVSS 8.8
CVE-2023-50214 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via HTTP Service
CVSS 8.8
CVE-2023-50213 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via HTTP Service
CVSS 8.8
CVE-2023-50207 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated OS Command Injection via flupl filename Parameter
CVSS 8.8
CVE-2023-50206 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via flupl query_type Parameter
CVSS 8.8
CVE-2023-50205 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated OS Command Injection via HTTP Service
CVSS 8.8
CVE-2023-50204 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via flupl pythonapp Command Injection
CVSS 8.8
CVE-2023-50203 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via Node-RED chmod Command Injection
CVSS 8.8
CVE-2023-50202 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via flupl pythonmodules Command Injection
CVSS 8.8
CVE-2023-50201 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via cfgsave upusb Command Injection
CVSS 8.8
CVE-2023-50200 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via cfgsave backusb Command Injection
CVSS 8.8
CVE-2023-50198 HIGH
D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via cfgsave Command Injection
CVSS 8.8
CVE-2023-47220 MEDIUM
QNAP Media Streaming add-on >=500.1.1.0 <500.1.1.5 - Authenticated OS Command Injection
CVSS 6.6
CVE-2023-44427 HIGH
D-Link DIR-X3260 < 1.04b01 Authenticated RCE via SetSysEmailSettings Command Injection
CVSS 8.0
CVE-2023-44426 HIGH
D-Link DIR-X3260 < 1.04b01 Authenticated OS Command Injection via SetSysEmailSettings
CVSS 8.0
CVE-2023-44425 HIGH
D-Link DIR-X3260 Firmware < 1.04b01 - Remote Code Execution via SetSysEmailSettings AccountName Command Injection
CVSS 8.0
CVE-2023-44424 HIGH
D-Link DIR-X3260 Firmware < 1.04b01 - Authenticated OS Command Injection via SetSysEmailSettings EmailTo Parameter
CVSS 8.0