Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-51005 1Netgear 1R8500 Firmware May 2, 2025 Nov 5, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a craf...Show more Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.Show less
CVE-2024-50993 1Netgear 1R8500 Firmware Apr 22, 2025 Nov 5, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted...Show more Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.Show less
CVE-2024-45893 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`
CVE-2024-45891 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`
CVE-2024-45890 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
CVE-2024-45889 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`
CVE-2024-45888 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'
CVE-2024-45887 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`
CVE-2024-45885 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`
CVE-2024-45884 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`
CVE-2024-45882 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`
CVE-2024-51253 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.
CVE-2024-51251 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.
CVE-2024-51249 1Draytek 1Vigor3900 Firmware Apr 11, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVE-2024-51246 1Draytek 1Vigor3900 Firmware Apr 11, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVE-2024-10035 1Bg Tek 1Coslat Jun 2, 2026 Nov 4, 2024 9.2 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Comma...Show more Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation. This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported.Show less
CVE-2024-51661 1Davidlingren 1Media Library Assistant Apr 23, 2026 Nov 4, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Command Injection.This issue affects Media...Show more Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Command Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.19.Show less
CVE-2024-51252 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.
CVE-2024-51248 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
CVE-2024-51247 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.

Previous 1...99100101...299 Next