Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-40838 1Tenda 1Ac6 Firmware Jun 17, 2026 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability.
CVE-2023-40837 1Tenda 1Ac6 Firmware Jun 17, 2026 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fi...Show more Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands.Show less
CVE-2023-41109 1Patton 1Smartnode Sn200 Firmware Jun 17, 2026 Aug 28, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.
CVE-2023-1997 13ds 13dexperience Jun 17, 2026 Aug 28, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.
CVE-2023-38027 1Myspotcam 1Sense Firmware Jun 17, 2026 Aug 28, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbit...Show more SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.Show less
CVE-2023-38025 1Myspotcam 1Fhd 2 Firmware Jun 17, 2026 Aug 28, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary sy...Show more SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service. Show less
CVE-2022-43907 1Ibm 1Security Guardium Jun 17, 2026 Aug 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.
CVE-2023-4542 1Dlink 1Dar 8000 10 Firmware Jun 17, 2026 Aug 25, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to...Show more A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-37249 1Infoblox 1Nios Jun 17, 2026 Aug 25, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.
CVE-2023-40144 1Cbc 23Dr 16f42a Firmware Dr 16f45at FirmwareDr 16h Firmware+20 more Jun 17, 2026 Aug 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detaile...Show more OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.Show less
CVE-2020-21583 1Kernel 1Util Linux Jun 17, 2026 Aug 22, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.
CVE-2023-4412 1Totolink 1Ex1200l Firmware Jun 17, 2026 Aug 18, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated r...Show more A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-4411 1Totolink 1Ex1200l Firmware Jun 17, 2026 Aug 18, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attac...Show more A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-4410 1Totolink 1Ex1200l Firmware Jun 17, 2026 Aug 18, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to ini...Show more A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-40072 1Elecom 2Wab S300 Firmware Wab S600 Ps Firmware Jun 17, 2026 Aug 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.
CVE-2023-40069 1Elecom 5Wrc 1167ghbk2 Firmware Wrc 1750ghbk E FirmwareWrc 1750ghbk2 I Firmware+2 more Jun 17, 2026 Aug 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions ar...Show more OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.Show less
CVE-2023-39944 1Elecom 2Wrc 1750ghbk Firmware Wrc F1167acf Firmware Jun 17, 2026 Aug 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.
CVE-2023-39455 1Elecom 7Wrc 1467ghbk A Firmware Wrc 1467ghbk S FirmwareWrc 1900ghbk A Firmware+4 more Jun 17, 2026 Aug 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC...Show more OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions.Show less
CVE-2023-39416 1Northgrid 1Proself Jun 17, 2026 Aug 18, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative pri...Show more Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands.Show less
CVE-2023-34215 1Moxa 1Tn 5900 Firmware Jun 17, 2026 Aug 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generati...Show more TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices.Show less

Previous 1...142143144...299 Next