CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2021-44520 HIGH
Citrix XenMobile Server through 10.12 RP9 - Authenticated Remote Code Execution via Command Injection
CVSS 8.8
CVE-2021-43474 CRITICAL
D-Link DIR-823G REVA1 <1.02B05 - Privilege Escalation
CVSS 9.8
CVE-2021-32933 CRITICAL
MDT AutoSave <6.02.06 - Code Injection
CVSS 10.0
CVE-2021-23247 CRITICAL
Quick Game Engine - Command Injection
CVSS 9.8
CVE-2021-43663 HIGH
TOTOLINK EX300_v2 V4.0.3c.140_B20210429 - Command Injection
CVSS 7.5
CVE-2021-43664 HIGH
TOTOLINK EX300_v2 V4.0.3c.140_B20210429 - Command Injection
CVSS 8.1
CVE-2021-43118 CRITICAL
DrayTek Vigor 2960/3900/300B 1.5.1.3 - Remote Command Injection via mainfunction.cgi
CVSS 9.8
CVE-2021-45876 CRITICAL
GARO Wallbox GLB/GTB/GTC Firmware < 185 - Unauthenticated Command Injection via downloadAndUpdate URL Parameter
CVSS 9.8
CVE-2021-44620 CRITICAL
TOTOLINK A3100R <=4.1.2cu.5050_b20200504 - OS Command Injection via hosTime Parameter
CVSS 9.8
CVE-2021-4045 CRITICAL
TP-Link Tapo C200 Firmware < 1.1.15 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2021-41001 HIGH
ArubaOS-CX 10.07.0001-10.07.0050 - Authenticated Remote Code Execution in Network Analytics Engine
CVSS 8.8
CVE-2021-41000 HIGH
Aruba AOS-CX <10.06.0170-10.08.1030 - RCE
CVSS 8.8
CVE-2021-44132 HIGH
C-DATA ONU4FERW < 2.1.13_x139 - OS Command Injection via formImportOMCIShell Function
CVSS 7.8
CVE-2021-40043 HIGH
Huawei AIS-BW80H-00 Firmware < 9.0.3.4(H100SP13C00) - Laser Command Injection
CVSS 7.8
CVE-2021-39363 CRITICAL
Honeywell HDZP252DI and HBW2PER1 - Video Replay Attack via ARP Cache Poisoning
CVSS 9.8
CVE-2021-45082 HIGH
Cobbler < 3.3.1 - Remote Code Execution via Cheetah Template Import Bypass
CVSS 7.8
CVE-2021-45401 CRITICAL
Tenda AC10U V1.0 Firmware V15.03.06.49_multi - OS Command Injection via setUsbUnload deviceName Parameter
CVSS 9.8
CVE-2021-41599 HIGH
GitHub Enterprise Server < 3.0.21 - Remote Code Execution via GitHub Pages Build
CVSS 8.8
CVE-2021-41552 HIGH
CommScope SURFboard SBG6950AC2 9.1.103AA23 - OS Command Injection
CVSS 8.8
CVE-2021-46457 CRITICAL
D-Link DIR-823-Pro <1.0.2 - Command Injection
CVSS 9.8
CVE-2021-46456 CRITICAL
D-Link DIR-823-Pro v1.0.2 - Command Injection
CVSS 9.8
CVE-2021-46455 CRITICAL
D-Link DIR-823-Pro <1.0.2 - Command Injection
CVSS 9.8
CVE-2021-46454 CRITICAL
D-Link DIR-823-Pro <1.0.2 - Command Injection
CVSS 9.8
CVE-2021-46453 CRITICAL
D-Link DIR-823-Pro <1.0.2 - Command Injection
CVSS 9.8
CVE-2021-46452 CRITICAL
D-Link DIR-823-Pro v1.0.2 - Command Injection
CVSS 9.8