CWE-78: OS Command Injection
5,507 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-78 (page 7 of 111)
- CVE-2018-0193 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-28
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the under…
- CVE-2018-0194 | HIGH | CVSS 7.8 | EG 7.8 | 2018-04-02
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the under…
- CVE-2018-0214 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-03-08
A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Inje…
- CVE-2018-0217 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-03-08
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerabil…
- CVE-2018-0221 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-03-08
A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user se…
- CVE-2018-0224 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-03-08
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating…
- CVE-2018-0274 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-07
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient…
- CVE-2018-0279 | HIGH | CVSS 8.8 | EG 8.8 | 2018-05-17
A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected dev…
- CVE-2018-0293 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-20
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess v…
- CVE-2018-0306 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-21
A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command argume…
- CVE-2018-0307 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-20
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An…
- CVE-2018-0324 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-05-17
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validati…
- CVE-2018-0330 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-20
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerab…
- CVE-2018-0341 | HIGH | CVSS 8.8 | EG 8.8 | 2018-07-16
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privile…
- CVE-2018-0348 | HIGH | CVSS 7.2 | EG 7.2 | 2018-07-18
A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attack…
- CVE-2018-0349 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-07-18
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the …
- CVE-2018-0424 | HIGH | CVSS 8.8 | EG 8.8 | 2018-10-05
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to ex…
- CVE-2018-0427 | HIGH | CVSS 8.8 | EG 8.8 | 2018-08-15
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of …
- CVE-2018-0432 | HIGH | CVSS 8.8 | EG 8.8 | 2018-10-05
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain…
- CVE-2018-0433 | HIGH | CVSS 7.8 | EG 7.8 | 2018-10-05
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient inp…
- CVE-2018-0453 | HIGH | CVSS 8.2 | EG 8.2 | 2018-10-05
A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with…
- CVE-2018-0477 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-10-05
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affec…
- CVE-2018-0481 | MEDIUM | CVSS 6.7 | EG 6.7 | 2018-10-05
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affec…
- CVE-2018-0506 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-01-26
Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0512 | MEDIUM | CVSS 6.8 | EG 6.8 | 2018-02-08
Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0514 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-02-08
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0523 | HIGH | CVSS 8.8 | EG 8.8 | 2018-03-09
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0539 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-03-22
QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors.
- CVE-2018-0545 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-04-09
LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0556 | HIGH | CVSS 8.8 | EG 8.8 | 2018-04-09
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0569 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-26
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0625 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter.
- CVE-2018-0626 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.
- CVE-2018-0627 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
- CVE-2018-0628 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
- CVE-2018-0629 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
- CVE-2018-0630 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.
- CVE-2018-0631 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
- CVE-2018-0634 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.
- CVE-2018-0635 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.
- CVE-2018-0636 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.
- CVE-2018-0637 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.
- CVE-2018-0638 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.
- CVE-2018-0639 | HIGH | CVSS 7.2 | EG 7.2 | 2019-01-09
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.
- CVE-2018-0643 | MEDIUM | CVSS 6.6 | EG 6.6 | 2018-09-07
Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0677 | MEDIUM | CVSS 6.8 | EG 6.8 | 2019-01-09
BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0694 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-11-15
FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- CVE-2018-0707 | HIGH | CVSS 7.2 | EG 7.2 | 2018-07-17
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
- CVE-2018-0708 | HIGH | CVSS 8.8 | EG 8.8 | 2018-07-17
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
- CVE-2018-0709 | HIGH | CVSS 8.8 | EG 8.8 | 2018-07-17
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.