Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-37056 1Dlink 1Go Rt Ac750 Firmware Dec 9, 2025 Aug 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main,
CVE-2022-37057 1Dlink 1Go Rt Ac750 Firmware Dec 9, 2025 Aug 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main.
CVE-2022-31499 1Nortekcontrol 1Emerge E3 Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
CVE-2022-20865 1Cisco 12Firepower 4110 Firmware Firepower 4112 FirmwareFirepower 4115 Firmware+9 more Nov 21, 2024 Aug 25, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges...Show more A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.Show less
CVE-2022-37810 1Tenda 1Ac1206 Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.
CVE-2022-37083 1Totolink 1A7000r Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg.
CVE-2022-37082 1Totolink 1A7000r Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost.
CVE-2022-37081 1Totolink 1A7000r Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg.
CVE-2022-37079 1Totolink 1A7000r Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.
CVE-2022-36455 1Totolink 1A3600r Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.
CVE-2022-37076 1Totolink 1A7000r Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.
CVE-2022-37070 1H3c 1Gr 1200w Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.
CVE-2022-36510 1H3c 1Gr2200 Firmware Jun 17, 2025 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.
CVE-2022-36509 1H3c 1Gr3200 Firmware Jun 17, 2025 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.
CVE-2022-36487 1Totolink 1N350rt Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.
CVE-2022-36486 1Totolink 1N350rt Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.
CVE-2022-36485 1Totolink 1N350rt Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.
CVE-2022-36481 1Totolink 1N350rt Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg.
CVE-2022-36479 1Totolink 1N350rt Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.
CVE-2022-36461 1Totolink 1A3700r Firmware Nov 21, 2024 Aug 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.

Previous 1...171172173...299 Next