Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-38510 - - Nov 21, 2024 Jul 26, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file u...Show more A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.Show less
CVE-2024-38508 - - Nov 21, 2024 Jul 26, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via...Show more A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.Show less
CVE-2024-7120 1Raisecom 4Msg1200 Firmware Msg2100e FirmwareMsg2200 Firmware+1 more Nov 21, 2024 Jul 26, 2024 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The mani...Show more A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.Show less
CVE-2024-41473 1Tendacn 1Fh1201 Firmware Nov 21, 2024 Jul 25, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac
CVE-2024-41468 1Tendacn 1Fh1201 Firmware Nov 21, 2024 Jul 25, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand
CVE-2024-24623 1Softaculous 1Webuzo Nov 21, 2024 Jul 25, 2024 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.
CVE-2024-24622 1Softaculous 1Webuzo Nov 21, 2024 Jul 25, 2024 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.
CVE-2024-41136 1Arubanetworks 1Edgeconnect Sd Wan Orchestrator Nov 21, 2024 Jul 24, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbi...Show more An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.Show less
CVE-2024-39345 1Adtran 1Sdg Smartos Nov 21, 2024 Jul 24, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices i...Show more AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS Commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1.Show less
CVE-2024-31977 1Adtran 2834 5 Firmware Sdg Smartos Nov 21, 2024 Jul 24, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility.
CVE-2024-7066 1F Logic 1Datacube3 Firmware Nov 21, 2024 Jul 24, 2024 6.9 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request...Show more A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272347.Show less
CVE-2024-39686 1Fish.audio 1Bert Vits2 Nov 21, 2024 Jul 22, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to a...Show more Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.Show less
CVE-2024-39685 1Fish.audio 1Bert Vits2 Nov 21, 2024 Jul 22, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to a...Show more Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.Show less
CVE-2024-41317 1Totolink 1A6000r Firmware Apr 3, 2025 Jul 22, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVE-2024-41315 1Totolink 1A6000r Firmware Apr 3, 2025 Jul 22, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVE-2024-41314 1Totolink 1A6000r Firmware Apr 3, 2025 Jul 22, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVE-2024-37391 1Proton 1Protonvpn Mar 13, 2025 Jul 22, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
CVE-2024-37066 1Wyze 1Cam V4 Firmware Nov 21, 2024 Jul 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.
CVE-2024-34013 - - Apr 10, 2026 Jul 18, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396, Acronis True Image OEM (macOS) before build 42571.
CVE-2024-40641 - - Nov 21, 2024 Jul 17, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web application...Show more Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In this case, users can execute arbitrary commands. (Although, as far as I know, most web applications use -t to execute). This issue has been addressed in version 3.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less

Previous 1...110111112...299 Next