Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,951)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-18858 1Netgear 10M4200 10mg Poe+ Firmware M4300 12x12f FirmwareM4300 24x24f Firmware+7 more Nov 21, 2024 Apr 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300...Show more Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier.Show less
CVE-2016-11054 1Netgear 1Dgn2200 Firmware Nov 21, 2024 Apr 28, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory.
CVE-2020-12078 1Opmantek 1Open Audit Nov 21, 2024 Apr 28, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discover...Show more An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.Show less
CVE-2020-7640 1Pixlcore 1Pixl Class Nov 21, 2024 Apr 27, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization.
CVE-2018-21157 1Netgear 9D7800 Firmware R6700 FirmwareR6900 Firmware+6 more Nov 21, 2024 Apr 27, 2020 N/A· v4 6.8 MEDIUM· v3 5.2 MEDIUM· v2 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R7500v2 before 1.0.3.24, R7800...Show more Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R7500v2 before 1.0.3.24, R7800 before 1.0.2.38, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.Show less
CVE-2018-21154 1Netgear 5D7800 Firmware Dm200 FirmwareR6100 Firmware+2 more Nov 21, 2024 Apr 27, 2020 N/A· v4 6.8 MEDIUM· v3 5.2 MEDIUM· v2 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R...Show more Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R7800 before 1.0.2.42.Show less
CVE-2018-21152 1Netgear 7D7800 Firmware R7500 FirmwareR7800 Firmware+4 more Nov 21, 2024 Apr 27, 2020 N/A· v4 6.8 MEDIUM· v3 5.2 MEDIUM· v2 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR43...Show more Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.Show less
CVE-2018-21100 1Netgear 1R7800 Firmware Nov 21, 2024 Apr 27, 2020 N/A· v4 8.0 HIGH· v3 5.2 MEDIUM· v2 NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21099 1Netgear 1R7800 Firmware Nov 21, 2024 Apr 27, 2020 N/A· v4 8.0 HIGH· v3 5.2 MEDIUM· v2 NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21098 1Netgear 1R7800 Firmware Nov 21, 2024 Apr 27, 2020 N/A· v4 6.8 MEDIUM· v3 5.2 MEDIUM· v2 NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2020-11941 1Opmantek 1Open Audit Nov 21, 2024 Apr 27, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
CVE-2020-12242 1Valvesoftware 1Source Nov 21, 2024 Apr 27, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.
CVE-2020-5868 1F5 1Big Iq Centralized Management Nov 21, 2024 Apr 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.
CVE-2018-21164 1Netgear 2R6220 Firmware Wndr3700 Firmware Nov 21, 2024 Apr 23, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.64 and WNDR3700v5 before 1.1.0.54.
CVE-2018-21162 1Netgear 16D6400 Firmware Ex6200 FirmwareEx7000 Firmware+13 more Nov 21, 2024 Apr 23, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6,...Show more Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG before 1.0.0.42, R7300DST before 1.0.0.44, R7900 before 1.0.1.12, R8000 before 1.0.3.36, R8300 before 1.0.2.74, R8500 before 1.0.2.74, WNDR3400v3 before 1.0.1.14, and WNR3500Lv2 before 1.2.0.48.Show less
CVE-2018-21110 1Netgear 1R7800 Firmware Nov 21, 2024 Apr 23, 2020 N/A· v4 6.8 MEDIUM· v3 5.2 MEDIUM· v2 NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21109 1Netgear 1R7800 Firmware Nov 21, 2024 Apr 23, 2020 N/A· v4 6.8 MEDIUM· v3 5.2 MEDIUM· v2 NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21108 1Netgear 1R7800 Firmware Nov 21, 2024 Apr 23, 2020 N/A· v4 6.8 MEDIUM· v3 5.2 MEDIUM· v2 NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21107 1Netgear 1R7800 Firmware Nov 21, 2024 Apr 23, 2020 N/A· v4 6.8 MEDIUM· v3 5.2 MEDIUM· v2 NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21106 1Netgear 1R7800 Firmware Nov 21, 2024 Apr 23, 2020 N/A· v4 6.8 MEDIUM· v3 5.2 MEDIUM· v2 NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Previous 1...229230231...298 Next