CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2022-26998 CRITICAL
Arris TR3300 v1.0.13 - Command Injection
CVSS 9.8
CVE-2022-26997 CRITICAL
Arris TR3300 <1.0.13 - Command Injection
CVSS 9.8
CVE-2022-26996 CRITICAL
Arris TR3300 v1.0.13 - Command Injection
CVSS 9.8
CVE-2022-26995 CRITICAL
Arris TR3300 v1.0.13 - Command Injection
CVSS 9.8
CVE-2022-25137 CRITICAL
TOTOLINK T6 and T10 Firmware - OS Command Injection via MQTT Packet
CVSS 9.8
CVE-2022-25136 CRITICAL
TOTOLINK T6 and T10 Firmware - OS Command Injection via MQTT Packet
CVSS 9.8
CVE-2022-25135 CRITICAL
TOTOLINK T6 V3 Firmware V4.1.5cu.748_B20211015 - OS Command Injection via MQTT Packet
CVSS 9.8
CVE-2022-25134 CRITICAL
TOTOLINK T6 V3 Firmware V4.1.5cu.748_B20211015 - OS Command Injection via MQTT Packet
CVSS 9.8
CVE-2022-25133 CRITICAL
TOTOLINK T6 V3 Firmware V4.1.5cu.748_B20211015 - OS Command Injection via MQTT Packet
CVSS 9.8
CVE-2022-25132 CRITICAL
TOTOLINK T6 V3 Firmware 4.1.5cu.748_B20211015 - Command Injection via MQTT Packet
CVSS 9.8
CVE-2022-25131 CRITICAL
TOTOLINK T6 and T10 Firmware - OS Command Injection via MQTT Packet
CVSS 9.8
CVE-2022-25130 CRITICAL
TOTOLINK T6 and T10 Firmware - OS Command Injection via MQTT Packet
CVSS 9.8
CVE-2022-24171 CRITICAL
Tenda routers G1-G3 v15.11.0.17 - Command Injection
CVSS 9.8
CVE-2022-24170 CRITICAL
Tenda routers G1-G3 v15.11.0.17 - Command Injection
CVSS 9.8
CVE-2022-24168 CRITICAL
Tenda routers - Command Injection
CVSS 9.8
CVE-2022-24167 CRITICAL
Tenda G1 and G3 Firmware v15.11.0.17(9502)_CN - OS Command Injection via dmzHost1 Parameter
CVSS 9.8
CVE-2022-24165 CRITICAL
Tenda G1 and G3 Firmware 15.11.0.17(9502)_CN - OS Command Injection via qvlanIP Parameter
CVSS 9.8
CVE-2022-24150 CRITICAL
Tenda AX3 v16.03.12.10_CN - Command Injection
CVSS 9.8
CVE-2022-24148 CRITICAL
Tenda AX3 v16.03.12.10_CN - Command Injection
CVSS 9.8
CVE-2022-24144 CRITICAL
Tenda AX3 <16.03.12.10_CN - Command Injection
CVSS 9.8
CVE-2022-22991 HIGH
Western Digital My Cloud OS < 5.19.117 - OS Command Injection via DNS Spoofing
CVSS 7.8
CVE-2022-21668 HIGH
pipenv 2018.10.9-2022.1.8 - Remote Code Execution via Malicious Requirements File Comment
CVSS 8.0
CVE-2021-38117 HIGH
OpenText iManager 3.2.4.0000 - Command Injection
CVSS 8.8
CVE-2021-38116 HIGH
OpenText iManager <3.2.5 - Privilege Escalation
CVSS 8.8
CVE-2021-27702 HIGH
Sercomm Router Etisalat Model S3-AC2100 - Info Disclosure
CVSS 7.3