CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2021-46233 CRITICAL
D-Link DI-7200GV2.E1 v21.04.09E1 - Command Injection
CVSS 9.8
CVE-2021-46232 CRITICAL
D-Link DI-7200GV2.E1 <v21.04.09E1 - Command Injection
CVSS 9.8
CVE-2021-46231 CRITICAL
D-Link DI-7200GV2.E1 v21.04.09E1 - Command Injection
CVSS 9.8
CVE-2021-46230 CRITICAL
D-Link DI-7200GV2.E1 <v21.04.09E1 - Command Injection
CVSS 9.8
CVE-2021-46229 CRITICAL
D-Link DI-7200GV2.E1 v21.04.09E1 - Command Injection
CVSS 9.8
CVE-2021-46228 CRITICAL
D-Link DI-7200GV2.E1 <v21.04.09E1 - Command Injection
CVSS 9.8
CVE-2021-46227 CRITICAL
D-Link DI-7200GV2.E1 v21.04.09E1 - Command Injection
CVSS 9.8
CVE-2021-46226 CRITICAL
D-Link DI-7200GV2.E1 v21.04.09E1 - Command Injection
CVSS 9.8
CVE-2021-45998 CRITICAL
D-Link DIR-882 Firmware < 1.30B06 - OS Command Injection via LocalIPAddress Parameter
CVSS 9.8
CVE-2021-45990 CRITICAL
Tenda G1 and G3 Firmware 15.11.0.17(9502)_CN - OS Command Injection via uploadPicture pic_name Parameter
CVSS 9.8
CVE-2021-45742 CRITICAL
TOTOLINK A720R <4.1.5cu.470 - Command Injection
CVSS 9.8
CVE-2021-45738 CRITICAL
TOTOLINK X5000R <9.1.0u.6118 - Command Injection
CVSS 9.8
CVE-2021-45733 CRITICAL
TOTOLINK X5000R <9.1.0u.6118 - Command Injection
CVSS 9.8
CVE-2021-44882 CRITICAL
D-Link DIR-878 Firmware < 1.20b05 - OS Command Injection via HNAP1 POST Request
CVSS 9.8
CVE-2021-44881 CRITICAL
D-Link DIR-882 Firmware < 1.30B06 - OS Command Injection via HNAP1 POST Request
CVSS 9.8
CVE-2021-44880 CRITICAL
D-Link DIR-878 and DIR-882 Firmware - OS Command Injection via HNAP1 POST Request
CVSS 9.8
CVE-2021-44247 CRITICAL
Totolink A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, A720R v4.1.5cu.470_B20200911 - OS Command Injection
CVSS 9.8
CVE-2021-42638 HIGH
PrinterLogic Web Stack <= 19.1.1.13 SP9 - Unauthenticated Remote Code Execution
CVSS 8.1
CVE-2021-32849 HIGH
gerapy < 0.9.9 - Authenticated OS Command Injection
CVSS 8.8
CVE-2021-46560 CRITICAL
Moxa TN-5900 <3.1 - Command Injection
CVSS 9.8
CVE-2021-43589 MEDIUM
Dell EMC Unity <5.1.2.0.5.007 - Command Injection
CVSS 6.0
CVE-2021-44735 CRITICAL
Lexmark B2236 Firmware < mslsg.076.294 - OS Command Injection
CVSS 9.8
CVE-2021-33965 HIGH
China Mobile An Lianbao WF-1 Firmware V1.0.1 - OS Command Injection via Mesh Configuration Parameters
CVSS 8.8
CVE-2021-33964 HIGH
China Mobile An Lianbao WF-1 Firmware V1.0.1 - OS Command Injection via firewall_level Parameter
CVSS 8.8
CVE-2021-33963 CRITICAL
China Mobile An Lianbao WF-1 v1.0.1 - OS Command Injection via macType Parameter
CVSS 9.8
Details
Vulnerabilities 3,570
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits