← Back
CWE-78

5,964 CVEs • Abstraction: Base • Likelihood of Exploit: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

JSON object

Loading...

CVEs (5,964)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-28912
1Totolink
1N600r Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.
CVE-2022-28911
1Totolink
1N600r Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.
CVE-2022-28910
1Totolink
1N600r Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.
CVE-2022-28909
1Totolink
1N600r Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.
CVE-2022-28908
1Totolink
1N600r Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.
CVE-2022-28907
1Totolink
1N600r Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.
CVE-2022-28906
1Totolink
1N600r Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.
CVE-2022-28905
1Totolink
1N600r Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.
CVE-2022-28901
1Dlink
1Dir 882 Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28896
1Dlink
1Dir 882 Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28895
1Dlink
1Dir 882 Firmware
Nov 21, 2024
May 10, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-27224
1Galsys
1Nts 6002 Gps Firmware
Nov 21, 2024
May 9, 2022
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-manage...Show more
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address).Show less
CVE-2022-28584
1Totolink
1A7100ru Firmware
Nov 21, 2024
May 5, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully...Show more
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.Show less
CVE-2022-28583
1Totolink
1A7100ru Firmware
Nov 21, 2024
May 5, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully co...Show more
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.Show less
CVE-2022-28582
1Totolink
1A7100ru Firmware
Nov 21, 2024
May 5, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully...Show more
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.Show less
CVE-2022-28581
1Totolink
1A7100ru Firmware
Nov 21, 2024
May 5, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a careful...Show more
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.Show less
CVE-2022-28580
1Totolink
1A7100ru Firmware
Nov 21, 2024
May 5, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully...Show more
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.Show less
CVE-2022-28579
1Totolink
1A7100ru Firmware
Nov 21, 2024
May 5, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully...Show more
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.Show less
CVE-2022-28578
1Totolink
1A7100ru Firmware
Nov 21, 2024
May 5, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully co...Show more
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.Show less
CVE-2022-28577
1Totolink
1A7100ru Firmware
Nov 21, 2024
May 5, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully...Show more
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.Show less