Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45996 1Tenda 1W20e Firmware Apr 22, 2025 Dec 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.
CVE-2022-45977 1Tenda 1Ax12 Firmware Apr 22, 2025 Dec 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.
CVE-2022-45043 1Tenda 1Ax12 Firmware Apr 22, 2025 Dec 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
CVE-2022-37924 1Arubanetworks 1Edgeconnect Enterprise Apr 24, 2025 Dec 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitr...Show more Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. Show less
CVE-2022-37912 1Arubanetworks 2Arubaos Sd Wan May 2, 2025 Dec 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on t...Show more Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Show less
CVE-2022-37902 1Arubanetworks 2Arubaos Sd Wan May 2, 2025 Dec 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on t...Show more Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Show less
CVE-2022-37901 1Arubanetworks 2Arubaos Sd Wan May 2, 2025 Dec 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on t...Show more Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Show less
CVE-2022-37900 1Arubanetworks 2Arubaos Sd Wan May 1, 2025 Dec 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on t...Show more Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Show less
CVE-2022-37899 1Arubanetworks 2Arubaos Sd Wan May 2, 2025 Dec 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on t...Show more Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Show less
CVE-2022-37898 1Arubanetworks 2Arubaos Sd Wan May 2, 2025 Dec 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on t...Show more Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Show less
CVE-2022-37897 1Arubanetworks 2Arubaos Sd Wan May 2, 2025 Dec 12, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Succe...Show more There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Show less
CVE-2022-45145 1Call Cc 1Chicken Apr 23, 2025 Dec 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
CVE-2022-33186 1Brocade 1Fabric Operating System Apr 23, 2025 Dec 8, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying z...Show more A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.Show less
CVE-2022-45506 1Tenda 1W30e Firmware Apr 23, 2025 Dec 8, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
CVE-2022-45497 1Tenda 1W6 S Firmware Apr 23, 2025 Dec 8, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
CVE-2022-4364 1Flir 1Flir Ax8 Firmware Apr 29, 2026 Dec 8, 2022 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palet...Show more A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 can resolve this issue. Upgrading the affected component is advised. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."Show less
CVE-2022-44606 1Unimo 3Udr Ja1604 Firmware Udr Ja1608 FirmwareUdr Ja1616 Firmware Apr 23, 2025 Dec 7, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the...Show more OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.Show less
CVE-2022-43464 1Unimo 3Udr Ja1604 Firmware Udr Ja1608 FirmwareUdr Ja1616 Firmware Apr 23, 2025 Dec 7, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the...Show more Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.Show less
CVE-2022-45026 1Markdown Preview Enhanced Project 1Markdown Preview Enhanced Apr 23, 2025 Dec 7, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process.
CVE-2022-45025 1Markdown Preview Enhanced Project 1Markdown Preview Enhanced Apr 23, 2025 Dec 7, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function.

Previous 1...163164165...299 Next