Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,947)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-1636 1Cisco 1Webex Teams Nov 21, 2024 Jan 23, 2019 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application...Show more A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.Show less
CVE-2018-6444 2Brocade Netapp 2Brocade Network Advisor Network Advisor Nov 21, 2024 Jan 22, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands.
CVE-2019-6487 1Tp Link 5Tl Wdr3500 Firmware Tl Wdr3600 FirmwareTl Wdr4300 Firmware+2 more Nov 21, 2024 Jan 18, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_w...Show more TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.Show less
CVE-2018-20727 1Nedi 1Nedi Nov 21, 2024 Jan 17, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit...Show more Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.Show less
CVE-2018-16200 1Toshiba 2Hem Gw16a Firmware Hem Gw26a Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.
CVE-2018-16195 1Nec 2Aterm Wf1200cr Firmware Aterm Wg1200cr Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP inte...Show more Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.Show less
CVE-2018-16194 1Nec 2Aterm Wf1200cr Firmware Aterm Wg1200cr Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2018-16184 1Ricoh 8D2200 Firmware D5500 FirmwareD5510 Firmware+5 more Nov 21, 2024 Jan 9, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D840...Show more RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.Show less
CVE-2018-16167 1Jpcert 1Logontracer Nov 21, 2024 Jan 9, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2018-0677 1Panasonic 1Bn Sdwbp3 Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 6.8 MEDIUM· v3 7.7 HIGH· v2 BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.
CVE-2018-0639 1Nec 1Aterm Hc100rc Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.
CVE-2018-0638 1Nec 1Aterm Hc100rc Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.
CVE-2018-0637 1Nec 1Aterm Hc100rc Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.
CVE-2018-0636 1Nec 1Aterm Hc100rc Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.
CVE-2018-0635 1Nec 1Aterm Hc100rc Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.
CVE-2018-0634 1Nec 1Aterm Hc100rc Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.
CVE-2018-0631 1Nec 1Aterm W300p Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
CVE-2018-0630 1Nec 1Aterm W300p Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.
CVE-2018-0629 1Nec 1Aterm W300p Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
CVE-2018-0628 1Nec 1Aterm Wg1200hp Firmware Nov 21, 2024 Jan 9, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.

Previous 1...260261262...298 Next