CWE-78: OS Command Injection
5,586 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-78 (page 65 of 112)
- CVE-2023-39362 | HIGH | CVSS 7.2 | EG 9.0 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command inje…
- CVE-2023-39367 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-04-17
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authentica…
- CVE-2023-3939 | CRITICAL | CVSS 10.0 | EG 10.0 | 2024-05-21
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superus…
- CVE-2023-39416 | HIGH | CVSS 7.2 | EG 7.2 | 2023-08-18
Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute a…
- CVE-2023-39455 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-18
OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all vers…
- CVE-2023-39471 | HIGH | CVSS 8.8 | EG 7.5 | 2024-05-03
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not r…
- CVE-2023-3974 | CRITICAL | CVSS 9.8 | EG 9.6 | 2023-07-27
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.
- CVE-2023-3975 | CRITICAL | CVSS 9.8 | EG 8.3 | 2023-07-27
OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0.
- CVE-2023-39780 | HIGH | CVSS 8.8 | EG 9.0 | ⚠ KEV | 2023-09-11
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the simil…
- CVE-2023-3991 | CRITICAL | CVSS 10.0 | EG 10.0 | 2023-10-16
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vuln…
- CVE-2023-39935 | HIGH | CVSS 8.0 | EG 8.0 | 2023-09-06
Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
- CVE-2023-39944 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-18
OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.
- CVE-2023-40069 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-08-18
OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F…
- CVE-2023-40072 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-18
OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.
- CVE-2023-40144 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-23
OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provi…
- CVE-2023-40145 | HIGH | CVSS 8.8 | EG 8.8 | 2023-10-19
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
- CVE-2023-40193 | HIGH | CVSS 8.0 | EG 8.0 | 2023-09-06
Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
- CVE-2023-40253 | MEDIUM | CVSS 6.0 | EG 4.4 | 2023-08-11
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Gen…
- CVE-2023-4033 | HIGH | CVSS 7.8 | EG 7.8 | 2023-08-01
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
- CVE-2023-40357 | HIGH | CVSS 8.0 | EG 8.0 | 2023-09-06
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware …
- CVE-2023-40479 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to …
- CVE-2023-40480 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not requi…
- CVE-2023-40504 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-03
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exp…
- CVE-2023-40505 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-03
LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not requir…
- CVE-2023-40531 | HIGH | CVSS 8.0 | EG 8.0 | 2023-09-06
Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
- CVE-2023-40581 | HIGH | CVSS 8.3 | EG 8.3 | 2023-09-25
yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expans…
- CVE-2023-40582 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-08-30
find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious …
- CVE-2023-40716 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-12-13
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via speci…
- CVE-2023-40837 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-08-30
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters …
- CVE-2023-40838 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-08-30
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability.
- CVE-2023-40839 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-08-30
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters …
- CVE-2023-41109 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-08-28
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.
- CVE-2023-41149 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-06
F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is runni…
- CVE-2023-41188 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetAPLanSettings DeviceName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Au…
- CVE-2023-41189 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetAPLanSettings Gateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authe…
- CVE-2023-41190 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetAPLanSettings IPAddr Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authen…
- CVE-2023-41191 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetAPLanSettings Mode Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authenti…
- CVE-2023-41192 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Au…
- CVE-2023-41193 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. …
- CVE-2023-41194 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Au…
- CVE-2023-41195 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetHostIPv6Settings IPv6Mode Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. A…
- CVE-2023-41196 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325…
- CVE-2023-41197 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDefaultGateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link D…
- CVE-2023-41198 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 ro…
- CVE-2023-41199 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 ro…
- CVE-2023-41200 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP…
- CVE-2023-41201 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. A…
- CVE-2023-41281 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-02-02
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed th…
- CVE-2023-41282 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-02-02
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed th…
- CVE-2023-41283 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-02-02
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed th…