Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,947)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-58287 1Yogeshojha 1Rengine Jan 20, 2026 Dec 11, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd paramet...Show more reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded payloads to achieve remote code execution during scan engine configuration.Show less
CVE-2024-58286 - - Dec 12, 2025 Dec 11, 2025 9.3 CRITICAL· v4 N/A· v3 N/A· v2 dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands t...Show more dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.Show less
CVE-2025-13481 1Ibm 1Aspera Orchestrator Dec 15, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
CVE-2025-56130 1Ruijie 2Rg Nbs5100 24gt4sfp Firmware Rg S1930 Firmware Dec 31, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lu...Show more OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua.Show less
CVE-2025-56129 1Ruijie 1Rg Bcr860 Firmware Dec 15, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua.
CVE-2025-56127 1Ruijie 1Rg Bcr600w Firmware Dec 18, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the get_wanobj in file /usr/lib/lua/luci/controller/admin/common.lua.
CVE-2025-56124 1Ruijie 2Rg Ew1200 Firmware Rg X60 Pro Firmware Dec 18, 2025 Dec 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/network...Show more OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.Show less
CVE-2025-56123 1Ruijie 2Rg Ew1200g Pro Firmware Rg Ew1300g Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_...Show more OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.Show less
CVE-2025-56122 1Ruijie 3Rg Ew1800gx Firmware Rg Ew1800gx Pro FirmwareRg Ew300n Firmware Dec 23, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/netw...Show more OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.Show less
CVE-2025-56120 1Ruijie 2Rg Ew1200 Firmware Rg X60 Pro Firmware Dec 23, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/conf...Show more OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.Show less
CVE-2025-56118 1Ruijie 2Rg Ew3200gx Firmware Rg X60 Pro Firmware Dec 23, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwm...Show more OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.Show less
CVE-2025-56117 1Ruijie 2Rg Est310 Firmware X30 Pro Firmware Jan 7, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.
CVE-2025-56114 1Ruijie 2M18 Ew Firmware Rg Ew1300g Firmware Jan 7, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain...Show more OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.Show less
CVE-2025-56113 1Ruijie 4Reyee Os Rg Eap602 FirmwareRg Est310 V2 Firmware+1 more Feb 11, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/module...Show more OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.Show less
CVE-2025-56111 1Ruijie 1Rg Bcr860 Firmware Jan 7, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the network_set_wan_conf in file /usr/lib/lua/luci/controller/admin/netport.lua...Show more OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the network_set_wan_conf in file /usr/lib/lua/luci/controller/admin/netport.lua.Show less
CVE-2025-56110 1Ruijie 1Rg Bcr860 Firmware Jan 26, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_deal_update in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua.
CVE-2025-56109 1Ruijie 1Rg Bcr860 Firmware Jan 26, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_wireless in file /usr/lib/lua/luci/control/admin/wireless.lua.
CVE-2025-56108 1Ruijie 5Rg Eap602 Firmware Rg Est310 FirmwareRg Est350 Firmware+2 more Jan 26, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.
CVE-2025-56107 1Ruijie 1Rg Bcr600w Firmware Dec 26, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config...Show more OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua.Show less
CVE-2025-56106 1Ruijie 2Rg Est350 Firmware Rg Ew1800gx Firmware Jan 26, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua...Show more OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.Show less

Previous 1...484950...298 Next