CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2022-20799 MEDIUM
Cisco RV340 and RV345 Firmware < 1.0.03.27 - Authenticated OS Command Injection
CVSS 4.7
CVE-2022-1509 CRITICAL
hestiacp control_panel < 1.5.12 - Authenticated Remote Code Execution via Command Injection
CVSS 9.9
CVE-2022-26826 HIGH
Windows DNS Server - Remote Code Execution
CVSS 7.2
CVE-2022-26151 HIGH
Citrix XenMobile Server <10.14 - Command Injection
CVSS 7.2
CVE-2022-0999 HIGH
mySCADA myPRO <= 8.25.0 - Authenticated OS Command Injection
CVSS 8.8
CVE-2022-20665 MEDIUM
Cisco StarOS - Privilege Escalation
CVSS 6.0
CVE-2022-25619 LOW
SambaBox < 4.0 - Authenticated Remote Code Execution via Ping Tool
CVSS 3.8
CVE-2022-22688 HIGH
Synology DiskStation Manager 6.2-6.2.4-25556-1 and 7.0-7.0.1-42213 - Authenticated Command Injection in File Service
CVSS 8.8
CVE-2022-27083 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) - OS Command Injection via uploadAccessCodePic Endpoint
CVSS 9.8
CVE-2022-27082 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) - OS Command Injection via SetInternetLanInfo Endpoint
CVSS 9.8
CVE-2022-27081 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) - OS Command Injection via SetLanInfo Endpoint
CVSS 9.8
CVE-2022-27080 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) - Command Injection via setWorkmode Component
CVSS 9.8
CVE-2022-27079 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) - OS Command Injection via setPicListItem Endpoint
CVSS 9.8
CVE-2022-27078 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) - OS Command Injection via setAdInfoDetail Endpoint
CVSS 9.8
CVE-2022-27077 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) - OS Command Injection via /cgi-bin/uploadWeiXinPic
CVSS 9.8
CVE-2022-27076 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) - OS Command Injection via delAd Endpoint
CVSS 9.8
CVE-2022-26536 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) - Command Injection via setFixTools Endpoint
CVSS 9.8
CVE-2022-26189 CRITICAL
TOTOLINK N600R V4.3.0cu.7570_B20200620 - Command Injection
CVSS 9.8
CVE-2022-26188 CRITICAL
TOTOLINK N600R V4.3.0cu.7570_B20200620 - Command Injection
CVSS 9.8
CVE-2022-26187 CRITICAL
TOTOLINK N600R V4.3.0cu.7570_B20200620 - Command Injection
CVSS 9.8
CVE-2022-26186 CRITICAL
TOTOLINK N600R V4.3.0cu.7570_B20200620 - Command Injection
CVSS 9.8
CVE-2022-27002 CRITICAL
Arris TR3300 v1.0.13 - OS Command Injection via DDNS Parameters
CVSS 9.8
CVE-2022-27001 CRITICAL
Arris TR3300 v1.0.13 - OS Command Injection via DHCP Hostname Parameter
CVSS 9.8
CVE-2022-27000 CRITICAL
Arris TR3300 v1.0.13 - OS Command Injection via NTP Server and Time Zone Parameters
CVSS 9.8
CVE-2022-26999 CRITICAL
Arris TR3300 v1.0.13 - Command Injection
CVSS 9.8