CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,978 vulnerabilities with CWE-78
CVE-2023-40504 CRITICAL
LG Simple Editor Command Injection (CVE-2023-40504)
CVSS 9.8
CVE-2023-40480 HIGH
NETGEAR RAX30 Firmware < 1.0.9.92 - Unauthenticated Remote Code Execution via DHCP Server
CVSS 8.8
CVE-2023-40479 HIGH
NETGEAR RAX30 Firmware < 1.0.9.92 - Unauthenticated Remote Code Execution via UPnP Command Injection
CVSS 8.8
CVE-2023-39471 HIGH
TP-Link TL-WR841N/TL-WR840N <231119/231121 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2023-38120 HIGH
Adtran SR400ac Firmware - Remote Code Execution via Ping Command Host Parameter
CVSS 8.8
CVE-2023-35723 HIGH
D-Link DIR-X3260 Firmware < 1.04b01 - Unauthenticated Remote Code Execution via SOAPAction Header
CVSS 8.8
CVE-2023-35722 HIGH
NETGEAR RAX30 Firmware < 1.0.11.96_2_hotfix - Unauthenticated Remote Code Execution via UPnP Port Mapping Request
CVSS 8.8
CVE-2023-34281 HIGH
D-Link DIR-2150 Firmware < 1.06 - Authenticated OS Command Injection via GetFirmwareStatus
CVSS 8.0
CVE-2023-34280 HIGH
D-Link DIR-2150 Firmware < 1.06 - Authenticated Remote Code Execution via SetSysEmailSettings EmailTo Parameter
CVSS 8.0
CVE-2023-34279 HIGH
D-Link DIR-2150 Firmware < 1.06 - Unauthenticated Remote Code Execution via GetDeviceSettings SOAP API
CVSS 8.8
CVE-2023-34278 HIGH
D-Link DIR-2150 Firmware < 1.06 - Authenticated Remote Code Execution via SetSysEmailSettings EmailFrom Parameter
CVSS 8.0
CVE-2023-34277 HIGH
D-Link DIR-2150 < 1.06 Authenticated RCE via SetSysEmailSettings Command Injection
CVSS 8.0
CVE-2023-34276 HIGH
D-Link DIR-2150 < 1.06 Authenticated RCE via SetTriggerPPPoEValidate Command Injection
CVSS 8.0
CVE-2023-34275 HIGH
D-Link DIR-2150 Firmware < 1.06 - Authenticated Remote Code Execution via SetNTPServerSettings Command Injection
CVSS 8.0
CVE-2023-32153 MEDIUM
D-Link DIR-2640 - Remote Code Execution via EmailFrom Parameter
CVSS 6.8
CVE-2023-32151 MEDIUM
D-Link DIR-2640 - Remote Code Execution via DestNetwork Parameter
CVSS 6.8
CVE-2023-32150 MEDIUM
D-Link DIR-2640 - Unauthenticated Remote Code Execution via HNAP1 PrefixLen Parameter
CVSS 6.8
CVE-2023-32147 MEDIUM
D-Link DIR-2640 - Remote Code Execution via LocalIPAddress Parameter
CVSS 6.8
CVE-2023-27367 HIGH
NETGEAR RAX30 Firmware < 1.0.10.94 - Authenticated OS Command Injection via libcms_cli Module
CVSS 8.0
CVE-2023-27356 HIGH
NETGEAR RAX30 and RAXE300 Firmware < 1.0.10.94 - Authenticated Remote Code Execution via logCtrl Action
CVSS 8.0
CVE-2023-39367 CRITICAL
Peplink Smart Reader Firmware 1.2.0 - Authenticated OS Command Injection via mac2name Web Interface
CVSS 9.1
CVE-2023-4856 HIGH
Lenovo SMM, SMM2, FPC - Authenticated OS Command Injection via Format String Vulnerability
CVSS 8.8
CVE-2023-4855 HIGH
Lenovo SMM/SMM2 and FPC - Authenticated OS Command Injection via IPMI
CVSS 7.2
CVE-2023-47540 MEDIUM
FortiSandbox 3.0.5-3.0.7, 4.0, 4.2.1-4.2.6, 4.4.0-4.4.2 - OS Command Injection via CLI
CVSS 6.7
CVE-2023-6320 CRITICAL
webOS <6.3.3-442 - Command Injection
CVSS 9.1