CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2022-20925 MEDIUM
Cisco Firepower Management Center - Authenticated OS Command Injection via API Endpoint
CVSS 6.3
CVE-2022-45063 CRITICAL
xterm < 375 - Remote Code Execution via Font Operations
CVSS 9.8
CVE-2022-43109 CRITICAL
D-Link DIR-823G v1.0.2 - Command Injection
CVSS 9.8
CVE-2022-37425 CRITICAL
OpenNebula < 6.4.2 - Remote Code Execution via Command Injection
CVSS 9.9
CVE-2022-43367 CRITICAL
IP-COM EW9 <15.11.0.14 - Command Injection
CVSS 9.8
CVE-2022-35271 HIGH
Robustel R1510 Firmware 3.1.16 and 3.3.0 - Denial of Service via Web Server hashFirst Functionality
CVSS 7.5
CVE-2022-35270 HIGH
Robustel R1510 Firmware 3.1.16 and 3.3.0 - Denial of Service via Web Server hashFirst Functionality
CVSS 7.5
CVE-2022-35269 HIGH
Robustel R1510 Firmware 3.1.16 and 3.3.0 - Denial of Service via /action/import_e2c_json_file/ API
CVSS 7.5
CVE-2022-35267 HIGH
Robustel R1510 Firmware 3.1.16 and 3.3.0 - Denial of Service via Web Server hashFirst Functionality
CVSS 7.5
CVE-2022-35266 HIGH
Robustel R1510 Firmware 3.1.16 and 3.3.0 - Denial of Service via Web Server hashFirst Functionality
CVSS 7.5
CVE-2022-35265 HIGH
Robustel R1510 Firmware 3.1.16 and 3.3.0 - Denial of Service via Web Server hashFirst Functionality
CVSS 7.5
CVE-2022-32765 CRITICAL
Robustel R1510 Firmware 3.1.16 and 3.3.0 - OS Command Injection via sysupgrade
CVSS 9.8
CVE-2022-41617 HIGH
BIG-IP <16.1.3.1, <15.1.6.1, <14.1.5.1, <13.1.5.1 - Authenticated RCE
CVSS 7.2
CVE-2022-42161 HIGH
D-Link COVR 1200,1202,1203 v1.08 - OS Command Injection via SetTriggerWPS PIN Parameter
CVSS 8.8
CVE-2022-42160 HIGH
D-Link COVR 1200,1202,1203 v1.08 - OS Command Injection via system_time_timezone Parameter
CVSS 8.8
CVE-2022-42156 HIGH
D-Link COVR 1200,1202,1203 Firmware - OS Command Injection via Network Tomography Settings
CVSS 8.8
CVE-2022-42906 HIGH
powerline-gitstatus < 1.3.2 - Remote Code Execution via Malicious Git Repository Configuration
CVSS 7.8
CVE-2022-42897 CRITICAL
Arraynetworks Arrayos AG < 9.4.0.469 - Command Injection
CVSS 9.8
CVE-2022-34432 HIGH
Dell Hybrid Client < 1.8 - Unauthenticated Command Injection via gedit
CVSS 7.3
CVE-2022-39265 HIGH
MyBB < 1.8.31 - Authenticated Remote Code Execution via Mail Settings Parameter Injection
CVSS 7.2
CVE-2022-20851 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via Web UI API
CVSS 5.5
CVE-2022-41870 HIGH
Innovaphone <13r2-17 - Command Injection
CVSS 7.2
CVE-2022-39243 HIGH
NuProcess 1.2.0-2.0.4 - Command Injection via NUL Character Bypass
CVSS 8.4
CVE-2022-40100 CRITICAL
Tenda i9 v1.0.0.8(3828) - OS Command Injection via FormexeCommand Function
CVSS 9.8
CVE-2022-37883 HIGH
Aruba ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated Remote Command Execution
CVSS 7.2