Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-36491 1Centurysys 22Futurenet Nxr 120/c Firmware Futurenet Nxr 1200 FirmwareFuturenet Nxr 125/cx Firmware+19 more Apr 1, 2025 Jul 17, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-serv...Show more FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.Show less
CVE-2024-36475 1Centurysys 22Futurenet Nxr 120/c Firmware Futurenet Nxr 1200 FirmwareFuturenet Nxr 125/cx Firmware+19 more Nov 21, 2024 Jul 17, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug functi...Show more FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.Show less
CVE-2019-16639 1Ruijie 1Eg 2000se Firmware Jul 9, 2025 Jul 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admi...Show more An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&command= substring. This affects EG-2000SE EG_RGOS 11.9 B11P1.Show less
CVE-2024-39524 1Juniper 1Junos Os Evolved Nov 21, 2024 Jul 11, 2024 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a fu...Show more An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: All versions before 20.4R3-S7-EVO, 21.2-EVO versions before 21.2R3-S8-EVO, 21.4-EVO versions before 21.4R3-S7-EVO, 22.2-EVO versions before 22.2R3-EVO, 22.3-EVO versions before 22.3R2-EVO, 22.4-EVO versions before 22.4R2-EVO.Show less
CVE-2024-39523 1Juniper 1Junos Os Evolved Nov 21, 2024 Jul 11, 2024 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a fu...Show more An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * All versions before 20.4R3-S7-EVO, * 21.2-EVO versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO, * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO, * 22.4-EVO versions before 22.4R2-EVO.Show less
CVE-2024-39522 1Juniper 1Junos Os Evolved Nov 21, 2024 Jul 11, 2024 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a fu...Show more An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * 22.3-EVO versions before 22.3R2-EVO, * 22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO.Show less
CVE-2024-39521 1Juniper 1Junos Os Evolved Nov 21, 2024 Jul 11, 2024 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a fu...Show more An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO, * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO.Show less
CVE-2024-39520 1Juniper 1Junos Os Evolved Nov 21, 2024 Jul 11, 2024 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a fu...Show more An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * All version before 20.4R3-S6-EVO, * 21.2-EVO versions before 21.2R3-S4-EVO, * 21.4-EVO versions before 21.4R3-S6-EVO, * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO.Show less
CVE-2024-3799 - - Nov 21, 2024 Jul 10, 2024 8.7 HIGH· v4 N/A· v3 N/A· v2 Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malic...Show more Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a shell command execution. This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. Phoniebox in version 3.0 and higher are not affected.Show less
CVE-2024-3798 - - Nov 21, 2024 Jul 10, 2024 8.7 HIGH· v4 N/A· v3 N/A· v2 Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malici...Show more Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery. This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. Phoniebox in version 3.0 and higher are not affected.Show less
CVE-2024-28750 - - Nov 21, 2024 Jul 9, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A remote attacker with high privileges may use a deleting file function to inject OS commands.
CVE-2024-28749 - - Nov 21, 2024 Jul 9, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A remote attacker with high privileges may use a writing file function to inject OS commands.
CVE-2024-28748 - - Nov 21, 2024 Jul 9, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A remote attacker with high privileges may use a reading file function to inject OS commands.
CVE-2024-39202 1Dlink 1Dir 823x Ax3000 Firmware Nov 21, 2024 Jul 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings.
CVE-2023-50383 2Level1 Realtek 2Rtl819x Jungle Software Development Kit Wbr 6013 Firmware Nov 4, 2025 Jul 8, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker ca...Show more Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `localPin` request's parameter.Show less
CVE-2023-50382 2Level1 Realtek 2Rtl819x Jungle Software Development Kit Wbr 6013 Firmware Nov 4, 2025 Jul 8, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker ca...Show more Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `peerPin` request's parameter.Show less
CVE-2023-50381 2Level1 Realtek 2Rtl819x Jungle Software Development Kit Wbr 6013 Firmware Nov 4, 2025 Jul 8, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker ca...Show more Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `targetAPSsid` request's parameter.Show less
CVE-2024-39943 1Rejetto 1Http File Server Nov 21, 2024 Jul 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df...Show more rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).Show less
CVE-2024-39935 1Jc21 1Nginx Proxy Manager Oct 2, 2025 Jul 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration....Show more jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5.Show less
CVE-2024-6507 - - Nov 25, 2024 Jul 4, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle() API

Previous 1...111112113...299 Next