CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2021-37723
HIGH
ArubaOS < 8.3.0.16, 8.5.0.12, 8.6.0.8, 8.7.1.2 - Remote Command Execution
CVSS 7.2
CVE-2021-37722
HIGH
Aruba SD-WAN 2.2.0.0-2.2.0.3 and ArubaOS 6.4.4.0-6.4.4.24 - Remote Command Execution
CVSS 7.2
CVE-2021-37721
HIGH
Aruba SD-WAN 2.2.0.0-2.2.0.3 and ArubaOS 6.4.4.0-6.4.4.24 - Remote Command Execution
CVSS 7.2
CVE-2021-37720
HIGH
Aruba SD-WAN 2.2.0.0-2.2.0.3 and ArubaOS 6.4.4.0-6.4.4.24 - Remote Command Execution
CVSS 7.2
CVE-2021-37719
HIGH
Aruba SD-WAN 2.2.0.0-2.2.0.3 and ArubaOS 6.4.4.0-6.4.4.24 - Remote Command Execution
CVSS 7.2
CVE-2021-37718
HIGH
Aruba SD-WAN 2.2.0.0-2.2.0.5 and ArubaOS 8.3.0.0-8.3.0.15 - Remote Command Execution
CVSS 7.2
CVE-2021-37717
HIGH
Aruba SD-WAN 2.2.0.0-2.2.0.5 and ArubaOS 8.3.0.0-8.3.0.15 - Remote Command Execution
CVSS 7.2
CVE-2021-36024
CRITICAL
Adobe Commerce/Magento Open Source <=2.4.2-p1 - Admin Data Collection Command Execution
CVSS 9.1
CVE-2021-35220
HIGH
SolarWinds Orion Platform < 2020.2.6 - Remote Code Execution via EmailWebPage API
CVSS 8.1
CVE-2021-1580
MEDIUM
Cisco APIC & Cloud APIC Command Injection & File Upload via Web UI/API
CVSS 6.5
CVE-2021-39510
CRITICAL
D-Link DIR-816 A1 FW101CNB04 - OS Command Injection via form2userconfig.cgi Username Parameter
CVSS 9.8
CVE-2021-39509
CRITICAL
D-Link DIR-816 A2 Firmware 1.10CNB05_R1B011D88210 - OS Command Injection via form2userconfig.cgi Username Parameter
CVSS 9.8
CVE-2021-38556
HIGH
RaspAP 2.6.6 - OS Command Injection in configure_client.php
CVSS 8.8
CVE-2021-38611
CRITICAL
NASCENT RemKon Device Manager 4.0.0.0 - Command Injection
CVSS 9.8
CVE-2021-32830
LOW
@diez/generation - Command Injection
CVSS 3.9
CVE-2021-3617
HIGH
Lenovo Smart Camera X3, X5, and C2E Firmware < 01.03.29.16 - OS Command Injection via Network Configuration
CVSS 7.2
CVE-2021-21595
MEDIUM
Dell EMC PowerScale OneFS 8.2.x-9.1.1.x - Authenticated Privilege Escalation via OS Command Injection
CVSS 6.0
CVE-2021-37708
HIGH
Shopware < 6.4.3.1 - OS Command Injection in Mail Agent Settings
CVSS 8.8
CVE-2021-22938
HIGH
Pulse Connect Secure <9.1R12 - Command Injection
CVSS 7.2
CVE-2021-22935
HIGH
Pulse Connect Secure <9.1R12 - Command Injection
CVSS 7.2
CVE-2021-38530
CRITICAL
NETGEAR RBK/RBR/RBS Firmware - Unauthenticated Command Injection
CVSS 9.6
CVE-2021-38529
HIGH
NETGEAR D7800/R7800/R8900/R9000 - Unauthenticated Command Injection
CVSS 8.3
CVE-2021-38528
CRITICAL
NETGEAR D8500/R6900P/R7000P/R7100LG/WNDR3400/XR300 - Unauthenticated Command Injection
CVSS 9.6
CVE-2021-38527
HIGH
NETGEAR devices - Command Injection
CVSS 8.1
CVE-2021-38521
MEDIUM
NETGEAR R6400/R7900P/R8000P/RAX75/RAX80 Firmware - Authenticated Command Injection
CVSS 6.1
Details
Vulnerabilities: 3,570
Exploit Likelihood: High