CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2022-37881 HIGH
Aruba ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2022-37879 HIGH
Aruba ClearPass Policy Manager < 6.9.12 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2022-28220 HIGH
Apache James < 3.6.3 and 3.7.1 - Command Injection via STARTTLS Buffering Attack
CVSS 7.5
CVE-2022-3008 HIGH
tinygltf <2.6.0 - Command Injection
CVSS 8.1
CVE-2022-37125 CRITICAL
D-Link DIR-816 A2_v1.10CNB04 - OS Command Injection via NTPSyncWithHost
CVSS 9.8
CVE-2022-34383 HIGH
Dell Edge Gateway 5200 Firmware < 1.03.10 - OS Command Injection via SMI Bypass
CVSS 8.1
CVE-2022-21941 CRITICAL
iSTAR Ultra <6.8.9.CU01 - Command Injection
CVSS 10.0
CVE-2022-36559 CRITICAL
Seiko SkyBridge MB-A200 <v01.00.04 - Command Injection
CVSS 9.8
CVE-2022-36556 CRITICAL
Seiko SkyBridge MB-A100/A110 <4.2.0 - Command Injection
CVSS 9.8
CVE-2022-36554 CRITICAL
Hytec Inter HWL-2511-SS <1.05 - Command Injection
CVSS 9.8
CVE-2022-36553 CRITICAL
Hytec Inter HWL-2511-SS <v1.05 - Command Injection
CVSS 9.8
CVE-2022-2234 CRITICAL
mySCADA myPRO < 8.26.0 - Authenticated OS Command Injection
CVSS 9.9
CVE-2022-36523 CRITICAL
D-Link Go-RT-AC750 - Command Injection
CVSS 9.8
CVE-2022-35954 MEDIUM
GitHub Actions ToolKit <v1.9.1 - Code Injection
CVSS 5.0
CVE-2022-35518 CRITICAL
WAVLINK WN572HP3 WN533A8 WN530H4 WN535G3 WN531P3 - OS Command Injection via nas.cgi User1Passwd and User1 Parameters
CVSS 9.8
CVE-2022-20345 HIGH
Android - Remote Code Execution via Bluetooth L2CAP Command Processing
CVSS 8.8
CVE-2022-34660 CRITICAL
Siemens Teamcenter < 12.4.0.15 - Command Injection
CVSS 9.8
CVE-2022-34974 CRITICAL
D-Link DIR-810L Firmware 1.02B22 - OS Command Injection via Ping_addr Function
CVSS 9.8
CVE-2022-2323 HIGH
SonicWall Switch Firmware < 1.2.0.0-3 - Authenticated Remote Code Execution via Command Injection
CVSS 8.8
CVE-2022-29558 HIGH
Realtek rtl819x-SDK < 3.6.1 - Command Injection via Web Interface
CVSS 8.8
CVE-2022-2143 CRITICAL
Product <Version> - Command Injection
CVSS 9.8
CVE-2022-0902 HIGH
ABB RMC-100, RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC Firmware - Path Traversal and Command Injection
CVSS 8.1
CVE-2022-31161 CRITICAL
Roxy-WI <6.1.1.0 - Command Injection
CVSS 10.0
CVE-2022-34820 HIGH
SIMATIC and SIPLUS CP Firmware - Remote Code Execution via Authentication Field Injection
CVSS 8.4
CVE-2022-29560 HIGH
Siemens RUGGEDCOM ROX < 2.15.1 - Authenticated Command Injection
CVSS 7.2