← Back
CWE-78

5,964 CVEs • Abstraction: Base • Likelihood of Exploit: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

JSON object

Loading...

CVEs (5,964)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-50374
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "capture_packages" operation.Show less
CVE-2024-50373
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "restore_config_from_utility" operation.Show less
CVE-2024-50372
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "backup_config_to_utility" operation.Show less
CVE-2024-50371
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation.Show less
CVE-2024-50370
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "cfg_cmd_set_eth_conf" operation.Show less
CVE-2024-50369
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "multiple_ssid_htm" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-50368
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "basic_htm" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-50367
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "sta_log_htm" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-50366
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "applications_apply" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-50365
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "lan_apply" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-50364
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "export_log" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-50363
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "mp_apply" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-50362
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "connection_profile_apply" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-50361
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "certificate_file_remove" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-50360
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "snmp_apply" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-50359
1Advantech
3Eki 6333ac 1gpo Firmware
Eki 6333ac 2g FirmwareEki 6333ac 2gd Firmware
Jan 23, 2026
Nov 26, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<=...Show more
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "scan_ap" API which are not properly sanitized before being concatenated to OS level commands.Show less
CVE-2024-53899
1Virtualenv
1Virtualenv
Feb 10, 2025
Nov 24, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
CVE-2024-52034
-
-
Nov 22, 2024
Nov 22, 2024
10.0 CRITICAL· v4
10.0 CRITICAL· v3
N/A· v2
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
CVE-2024-47407
-
-
Nov 22, 2024
Nov 22, 2024
10.0 CRITICAL· v4
10.0 CRITICAL· v3
N/A· v2
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
CVE-2024-8360
1Visteon
1Infotainment
Dec 4, 2024
Nov 22, 2024
N/A· v4
6.8 MEDIUM· v3
N/A· v2
Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon In...Show more
Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REFLASH_DDU_ExtractFile function. A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23421.Show less