CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit likelihood: High
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2021-38120
MEDIUM
NetIQ Advance Auth <6.3.5.1 - Command Injection
CVSS 5.1
CVE-2021-4406
CRITICAL
QuantaStor < 6.0.0.355 - Authenticated OS Command Injection via Alert Webhook URL
CVSS 9.1
CVE-2021-4329
MEDIUM
json-logic-js 2.0.0 - Command Injection
CVSS 5.5
CVE-2021-3855
HIGH
Liman Central Management System <1.8.3-462 - Command Injection
CVSS 8.8
CVE-2021-31575
CRITICAL
MediaTek EN7580 and EN7528 Firmware < tlm7.3.275.0-82 - Unauthenticated Remote Command Injection in Config Manager
CVSS 9.8
CVE-2021-31574
CRITICAL
MediaTek EN7580 and EN7528 Firmware < tlm7.3.275.0-82 - Unauthenticated Remote Command Injection in Config Manager
CVSS 9.8
CVE-2021-31573
CRITICAL
MediaTek EN7580 and EN7528 Firmware < tlm7.3.275.0-82 - Unauthenticated Remote Command Injection in Config Manager
CVSS 9.8
CVE-2021-41231
HIGH
OpenMage Magento < 19.4.22 - Authenticated Arbitrary Code Execution via DataFlow Convert Profile
CVSS 7.2
CVE-2021-41144
HIGH
OpenMage Magento < 19.4.22 - Remote Code Execution via Layout Block Bypass
CVSS 8.8
CVE-2021-41143
HIGH
OpenMage LTS <19.4.22-20.0.19 - RCE
CVSS 7.2
CVE-2021-39217
HIGH
OpenMage LTS < 19.4.22 - Authenticated Remote Code Execution via Custom Layout Block Methods
CVSS 7.2
CVE-2021-4304
MEDIUM
Eprintsug ulcc-core - Command Injection
CVSS 6.3
CVE-2021-32692
CRITICAL
Activity Watch <0.11.0 - Command Injection
CVSS 9.6
CVE-2021-26731
CRITICAL
Lanner Inc IAC-AST2500A Firmware 1.10.0 - Authenticated Stack-Based Buffer Overflow in modifyUserb_func
CVSS 9.1
CVE-2021-26729
CRITICAL
Lanner Inc IAC-AST2500A Firmware 1.10.0 - Stack-Based Buffer Overflow and Command Injection in Login Handler
CVSS 10.0
CVE-2021-26728
CRITICAL
Lanner Inc IAC-AST2500A Firmware 1.10.0 - Stack-Based Buffer Overflow and Command Injection in KillDupUsr_func
CVSS 10.0
CVE-2021-26727
CRITICAL
Lanner Inc IAC-AST2500A standard firmware 1.10.0 - Stack-based Buffer Overflow in SubNet_handler_func
CVSS 10.0
CVE-2021-44051
HIGH
QNAP QTS 4.3.3-5.0.0, QuTS hero <4.5.4.1771, QuTScloud <5.0.1.1998 - Remote Command Injection
CVSS 8.8
CVE-2021-43163
CRITICAL
Ruijie Networks Ruijie RG-EW - RCE
CVSS 9.8
CVE-2021-43162
HIGH
Ruijie Networks RG-EW - RCE
CVSS 8.8
CVE-2021-43161
HIGH
Ruijie Networks RG-EW - RCE
CVSS 8.8
CVE-2021-43160
HIGH
Ruijie Networks RG-EW - RCE
CVSS 8.8
CVE-2021-43159
HIGH
Ruijie Networks Ruijie RG-EW - RCE
CVSS 8.8
CVE-2021-34592
HIGH
Bender CC612 and ICC15XX Firmware 5.11.0-5.11.1 - Authenticated Command Injection via Web Interface
CVSS 8.8
CVE-2021-43286
HIGH
ThoughtWorks GoCD <21.3.0 - Command Injection
CVSS 8.8