CWE-78
5,964 CVEs • Abstraction: Base • Likelihood of Exploit: High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVEs (5,964)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | Indionetworks | Unibox U1000 Firmware, Unibox U2500 Firmware, Unibox U5000 Firmware, +2 more | Nov 21, 2024 | Apr 9, 2021 | N/A (v4), 8.8 HIGH (v3), 9.0 HIGH (v2) | Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover. |
| | Cisco | Rv340 Firmware, Rv340w Firmware, Rv345 Firmware, +1 more | Nov 21, 2024 | Apr 8, 2021 | N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2) | Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected... |
| | | | | | | The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access... |
| | Asus | Asmb8 Ikvm Firmware, Z10pe D16 Ws Firmware, Z10pr D16 Firmware | Nov 21, 2024 | Apr 6, 2021 | N/A (v4), 7.2 HIGH (v3), 6.5 MEDIUM (v2) | The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command... |
| | Asus | Asmb8 Ikvm Firmware, Z10pe D16 Ws Firmware, Z10pr D16 Firmware | Nov 21, 2024 | Apr 6, 2021 | N/A (v4), 7.2 HIGH (v3), 6.5 MEDIUM (v2) | The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute comm... |
| | | | | | | HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. |
| | | | | | | A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privi... |
| | | | | | | Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via real... |
| | Portprocesses Project | Portprocesses | Nov 21, 2024 | Mar 31, 2021 | N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2) | This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child... |
| | @thi.ng/egf Project | @thi.ng/egf | Nov 21, 2024 | Mar 30, 2021 | N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2) | Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if `decrypt: true` option is enabled). PR with patch has been submitted and has been released as of v0.4.0 By def... |
| | Kill By Port Project | Kill By Port | Nov 21, 2024 | Mar 30, 2021 | N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2) | This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_p... |
| | | | | | | D-Link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to... |
| | Arubanetworks, Siemens | Instant, Scalance W1750d Firmware | Nov 21, 2024 | Mar 30, 2021 | N/A (v4), 8.1 HIGH (v3), 9.3 HIGH (v2) | A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and be... |
| | Arubanetworks, Siemens | Instant, Scalance W1750d Firmware | Nov 21, 2024 | Mar 30, 2021 | N/A (v4), 8.8 HIGH (v3), 9.0 HIGH (v2) | A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aru... |
| | Arubanetworks, Siemens | Instant, Scalance W1750d Firmware | Nov 21, 2024 | Mar 30, 2021 | N/A (v4), 7.2 HIGH (v3), 9.0 HIGH (v2) | A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aru... |
| | Netgear | Prosafe Network Management System | Nov 21, 2024 | Mar 29, 2021 | N/A (v4), 8.8 HIGH (v3), 9.0 HIGH (v2) | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the... |
| | Arubanetworks, Siemens | Instant, Scalance W1750d Firmware | Nov 21, 2024 | Mar 29, 2021 | N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2) | A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aru... |
| | Arubanetworks, Siemens | Instant, Scalance W1750d Firmware | Nov 21, 2024 | Mar 29, 2021 | N/A (v4), 7.2 HIGH (v3), 9.0 HIGH (v2) | A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aru... |
| | | | | | | Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attac... |
| | Askey | Rtf3505vw N1 Br Sv G000 R3505vwn1001 S32 7 Firmware | Nov 21, 2024 | Mar 26, 2021 | N/A (v4), 8.8 HIGH (v3), 8.3 HIGH (v2) | Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. |