CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2022-34592
CRITICAL
Wavlink WL-WN575A3 RPT75A3.V4300.201217 - OS Command Injection via obtw Function
CVSS 9.8
CVE-2022-32449
CRITICAL
TOTOLINK EX300_V2 V4.0.3c.7484 - OS Command Injection via langType Parameter
CVSS 9.8
CVE-2022-28935
HIGH
Totolink Multiple Routers OS Command Injection
CVSS 7.2
CVE-2022-28171
HIGH
Hikvision Hybrid SAN/Cluster Storage Firmware < 2.3.8-6 - OS Command Injection
CVSS 7.5
CVE-2022-31874
CRITICAL
ASUS RT-N53 3.0.0.4.376.3754 - OS Command Injection via SystemCmd Parameter
CVSS 9.8
CVE-2022-32154
MEDIUM
Splunk < 9.0 - SPL Safeguard Bypass via Form Token Injection
CVSS 6.8
CVE-2022-32262
HIGH
SINEMA Remote Connect Server < 3.1 - Remote Code Execution via File Upload Command Injection
CVSS 8.8
CVE-2022-29712
CRITICAL
LibreNMS < 22.4.0 - OS Command Injection via service_ip, hostname, and service_param Parameters
CVSS 9.8
CVE-2022-29256
MEDIUM
sharp < 0.30.5 - OS Command Injection via PKG_CONFIG_PATH Environment Variable
CVSS 6.5
CVE-2022-30321
HIGH
HashiCorp go-getter < 1.5.11, 2.0.2 - Path Traversal and Command Injection
CVSS 8.6
CVE-2022-28618
CRITICAL
HPE Nimble Storage - Command Injection
CVSS 9.8
CVE-2022-29184
HIGH
GoCD < 22.1.0 - Authenticated Remote Code Execution via Mercurial Hook Branch Name Injection
CVSS 8.8
CVE-2022-24394
HIGH
Fidelis Network & Deception <9.4.5 - Command Injection
CVSS 8.8
CVE-2022-24393
HIGH
Fidelis Network & Deception <9.4.5 - Command Injection
CVSS 8.8
CVE-2022-24392
HIGH
Fidelis Network & Deception <9.4.5 - Command Injection
CVSS 8.8
CVE-2022-24390
HIGH
Fidelis Network & Deception <9.4.5 - Command Injection
CVSS 8.8
CVE-2022-24389
HIGH
Fidelis Network & Deception <9.4.5 - Command Injection
CVSS 8.8
CVE-2022-24388
HIGH
Fidelis Network & Deception <9.4.5 - Command Injection
CVSS 8.8
CVE-2022-26085
HIGH
InHand Networks InRouter302 V3.5.4 - Command Injection
CVSS 8.8
CVE-2022-26042
HIGH
InHand Networks InRouter302 V3.5.4 - Command Injection
CVSS 8.8
CVE-2022-26007
HIGH
InHand Networks InRouter302 V3.5.4 - Command Injection
CVSS 7.2
CVE-2022-27806
HIGH
F5 BIG-IP Advanced WAF/ASM/Guided Configuration - Authenticated Command Injection via Undisclosed URIs
CVSS 8.7
CVE-2022-27588
CRITICAL
QVR < 5.1.6 - OS Command Injection
CVSS 9.8
CVE-2022-26415
HIGH
F5 BIG-IP 12.1.x-16.1.x - Authenticated Appliance Mode Restriction Bypass via iControl REST Endpoint
CVSS 7.7
CVE-2022-20801
MEDIUM
Cisco RV340, RV340W, RV345, RV345P Firmware < 1.0.03.27 - Authenticated OS Command Injection
CVSS 4.7
Details
Vulnerabilities: 3,570
Exploit Likelihood: High