CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) — Vulnerability Class 2682

2682 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-13502 | A command injection in the NTC2218, NTC2250, NTC2299 modems' web interfaces allows execution of arbitrary shell commands. — NTC2218, NTC2250, NTC2299 | 7.2 | - | 2025-01-17 |
| CVE-2025-0457 | NetVision Information airPASS - OS Command Injection — airPASS | 8.8 | High | 2025-01-16 |
| CVE-2025-0356 | NEC Aterm WX1500HP OS command injection vulnerability — WX1500HP | 7.2 | High | 2025-01-15 |
| CVE-2024-26012 | Fortinet FortiAP OS command injection vulnerability — FortiAP-S | 6.3 | Medium | 2025-01-14 |
| CVE-2024-48890 | Fortinet FortiSOAR OS command injection vulnerability — FortiSOAR | 6.3 | Medium | 2025-01-14 |
| CVE-2024-40587 | Fortinet FortiVoice OS command injection vulnerability — FortiVoice | 6.3 | Medium | 2025-01-14 |
| CVE-2024-27778 | Fortinet FortiSandbox OS command injection vulnerability — FortiSandbox | 8.3 | High | 2025-01-14 |
| CVE-2023-37937 | Fortinet FortiSwitch OS command injection vulnerability — FortiSwitch | 7.6 | High | 2025-01-14 |
| CVE-2024-56497 | Fortinet FortiMail and FortiRecorder OS command injection vulnerability — FortiMail | 6.5 | Medium | 2025-01-14 |
| CVE-2024-50566 | Fortinet FortiManager OS command injection vulnerability — FortiManager | 7.2 | High | 2025-01-14 |
| CVE-2025-20055 | STEALTHONE D220 and STEALTHONE D340 OS command injection vulnerability — STEALTHONE D220 | 9.8 | Critical | 2025-01-14 |
| CVE-2025-20016 | STEALTHONE multiple products OS command injection vulnerability — STEALTHONE D220 | 7.2 | High | 2025-01-14 |
| CVE-2025-0107 | Expedition: OS Command Injection Vulnerability — Cloud NGFW | 10.0 | - | 2025-01-11 |
| CVE-2024-12847 | NETGEAR DGN setup.cgi OS Command Injection — DGN1000 | 9.8 | Critical | 2025-01-10 |
| CVE-2024-43653 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43651 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43649 | Authenticated command injection via <redacted>.exe <redacted> parameter — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43654 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43657 | When uploading new firmware, a shell script inside a firmware file is executed during its processing. This can be used to craft a custom firmware file with a custom script with arbitrary code, which will then be executed on the charging station. — Iocharger firmware for AC models | 7.8 | - | 2025-01-09 |
| CVE-2024-43652 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station — Iocharger firmware for AC chargers | 8.8 | - | 2025-01-09 |
| CVE-2024-43656 | A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution. — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43648 | Authenticated command injection via <redacted>.exe <redacted> parameter — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43650 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43655 | Any authenticated users can execute OS commands as root using the <redacted>.sh CGI script. — Iocharger firmware for AC models | 6.6 | - | 2025-01-09 |
| CVE-2024-50603 | Aviatrix Controller OS command injection vulnerability — Controller | 10.0 | Critical | 2025-01-08 |
| CVE-2024-11681 | Remote Code Execution in MacPorts — MacPorts | 8.4 | - | 2025-01-07 |
| CVE-2024-12970 | OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer — Pardus OS My Computer | 3.9 | Low | 2025-01-06 |
| CVE-2024-13129 | Roxy-WI roxy.py action_service os command injection — Roxy-WI | 8.8 | High | 2025-01-03 |
| CVE-2024-9140 | MOXA multiple products security vulnerability — EDR-8010 Series | 9.8 | Critical | 2025-01-03 |
| CVE-2024-56137 | MaxKB RCE vulnerability in function library — MaxKB | 6.8 | Medium | 2025-01-02 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) represent 2682 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.