Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,947)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-56102 1Ruijie 2Rg Ew1800gx Firmware Rg Ew300r Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConne...Show more OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.Show less
CVE-2025-56101 1Ruijie 2M18 Ew Firmware Rg Ew1200r Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.l...Show more OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.Show less
CVE-2025-56099 1Ruijie 4Reyee Os Rg Eap602 FirmwareRg Est310 V2 Firmware+1 more Feb 11, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-YST AP_3.0(1)B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.
CVE-2025-56098 1Ruijie 2Rg Ew300 Pro Firmware X30 Pro Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVE-2025-56097 1Ruijie 2Rg Ew1800gx Pro Firmware Rg Ew300n Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/c...Show more OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.Show less
CVE-2025-56096 1Ruijie 1Rg Bcr600w Firmware Dec 26, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua.
CVE-2025-56095 1Ruijie 2Rg Eap602 Firmware Rg Ew1200g Pro Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_...Show more OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.Show less
CVE-2025-56094 1Ruijie 2Rg Ew300 Pro Firmware X30 Pro Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua.
CVE-2025-56093 1Ruijie 3Rg Eap602 Firmware Rg Ew300 Pro FirmwareX30 Pro Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua.
CVE-2025-56092 1Ruijie 2Rg Ew300t Firmware X30 Pro Firmware Jan 29, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVE-2025-56091 1Ruijie 2Rg Ew1800gx Firmware Rg Ew300r Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_re...Show more OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.Show less
CVE-2025-56090 1Ruijie 2Rg Ew1200g Pro Firmware Rg Ew1200r Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_...Show more OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.Show less
CVE-2025-56089 1Ruijie 2M18 Ew Firmware Rg Ew300g Pro Firmware Jan 27, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.
CVE-2025-56088 1Ruijie 1Rg Bcr860 Firmware Jan 26, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_service in file /usr/lib/lua/luci/controller/admin/service.lua.
CVE-2025-56087 1Ruijie 1Rg Bcr600w Firmware Dec 26, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua.
CVE-2025-56086 1Ruijie 2Rg Ew1200 Firmware Rg X60 Firmware Dec 26, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/...Show more OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.Show less
CVE-2025-56085 1Ruijie 2Rg Ew1200 Firmware Rg Ew300 Pro Firmware Dec 26, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/...Show more OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.Show less
CVE-2025-56084 1Ruijie 4Reyee Os Rg Eap602 FirmwareRg Est310 V2 Firmware+1 more Feb 11, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_...Show more OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.Show less
CVE-2025-56083 1Ruijie 4Reyee Os Rg Eap602 FirmwareRg Est310 V2 Firmware+1 more Feb 11, 2026 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_networkId_merge.lu...Show more OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_networkId_merge.lua.Show less
CVE-2025-56082 1Ruijie 1Rg Bcr600w Firmware Dec 26, 2025 Dec 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the check_changes in file /usr/lib/lua/luci/controller/admin/common.lua.

Previous 1...495051...298 Next