Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-3606 1Tamronos 1Tamronos Jun 17, 2026 Jul 10, 2023 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is pos...Show more A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233475. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2021-42081 1Osnexus 1Quantastor Jun 17, 2026 Jul 10, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC http://<IP_ADDRESS>/qstorapi/storageSystemModify?storageSystem=&newName=quantastor&newDescription=;ls${IFS}-al&newL...Show more An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC http://<IP_ADDRESS>/qstorapi/storageSystemModify?storageSystem=&newName=quantastor&newDescription=;ls${IFS}-al&newLocation=4&newEnclosureLayoutId=5&newDnsServerList=;ls${IFS}-al&externalHostName=&newNTPServerList=;ls${IFS}-alShow less
CVE-2023-37173 1Totolink 1A3300r Firmware Jun 17, 2026 Jul 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
CVE-2023-37172 1Totolink 1A3300r Firmware Jun 17, 2026 Jul 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
CVE-2023-37171 1Totolink 1A3300r Firmware Jun 17, 2026 Jul 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
CVE-2023-37170 1Totolink 1A3300r Firmware Jun 17, 2026 Jul 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
CVE-2023-25583 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request...Show more Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration.Show less
CVE-2023-25582 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request...Show more Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.Show less
CVE-2023-24595 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker c...Show more An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2023-24582 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can...Show more Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a TCP packet.Show less
CVE-2023-24520 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send...Show more Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility.Show less
CVE-2023-24519 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send...Show more Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the ping tool utility.Show less
CVE-2023-23550 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence...Show more An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2023-22659 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequen...Show more An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2023-22653 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can se...Show more An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2023-22371 1Milesight 1Milesightvpn Jun 17, 2026 Jul 6, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a maliciou...Show more An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.Show less
CVE-2023-22365 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can se...Show more An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability.Show less
CVE-2023-22299 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network re...Show more An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.Show less
CVE-2023-36622 1Loxone 1Miniserver Go Gen 2 Firmware Jun 17, 2026 Jul 5, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.
CVE-2023-27198 1Paxtechnology 1Pax A930 Firmware Jun 17, 2026 Jul 5, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have phys...Show more PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability.Show less

Previous 1...147148149...299 Next