CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2021-29076 CRITICAL
NETGEAR RBK852/RBK853/RBK854/RBR850/RBS850 < 3.2.17.12 - Unauthenticated Command Injection
CVSS 9.6
CVE-2021-29072 HIGH
NETGEAR RBK852/RBK853/RBK854/RBR850/RBS850 < 3.2.17.12 - Authenticated Command Injection
CVSS 8.4
CVE-2021-29071 CRITICAL
NETGEAR RBK/RBR/RBS 850/750 Series < 3.2.17.12 - Authenticated Command Injection
CVSS 9.6
CVE-2021-29070 HIGH
NETGEAR RBK852/RBK853/RBK854/RBR850/RBS850 < 3.2.17.12 - Authenticated Command Injection
CVSS 8.4
CVE-2021-29069 HIGH
NETGEAR XR450 XR500 WNR2000v5 - Authenticated Command Injection
CVSS 7.3
CVE-2021-26275 CRITICAL
eslint-fixer < 0.1.5 - Command Injection via Shell Metacharacters
CVSS 9.8
CVE-2021-3148 CRITICAL
SaltStack Salt < 3002.5 - Command Injection via Thin Generation
CVSS 9.8
CVE-2021-27185 CRITICAL
samba-client < 4.0.0 - OS Command Injection via process.exec
CVSS 9.8
CVE-2021-26576 HIGH
HPE Baseboard Management Controller < 3.0.14.0 - Command Injection via libifc.so uploadsshkey Function
CVSS 7.8
CVE-2021-25172 HIGH
HPE Apollo 70 System < 3.0.14.0 - Command Injection
CVSS 7.8
CVE-2021-0364 MEDIUM
Android 10-11 - Command Injection in mobile_log_d
CVSS 6.7
CVE-2021-0363 MEDIUM
Android 10-11 - Local Privilege Escalation via mobile_log_d Command Injection
CVSS 6.7
CVE-2021-0358 MEDIUM
Android 10-11 - Command Injection in netdiag
CVSS 6.7
CVE-2021-0356 MEDIUM
Android 10-11 - Command Injection in netdiag
CVSS 6.7
CVE-2021-1299 HIGH
Cisco SD-WAN Firmware - Authenticated Command Injection
CVSS 8.8
CVE-2021-1298 HIGH
Cisco SD-WAN Firmware - Authenticated Command Injection
CVSS 8.8
CVE-2021-1263 HIGH
Cisco SD-WAN Firmware - Authenticated Command Injection
CVSS 7.8
CVE-2021-1262 HIGH
Cisco SD-WAN Firmware - Authenticated Command Injection
CVSS 7.8
CVE-2021-1261 HIGH
Cisco SD-WAN Firmware - Authenticated Command Injection
CVSS 7.8
CVE-2021-1260 HIGH
Cisco SD-WAN Firmware - Authenticated Command Injection
CVSS 7.8
CVE-2020-13712 HIGH
oMG2000 < 3.15.1 - Command Injection, MG90 < 4.2.1 - Command Injection
CVSS 7.8
CVE-2020-22570 HIGH
memcached 1.6.0-1.6.2 - Denial of Service via Crafted Meta Command
CVSS 7.5
CVE-2020-29547 MEDIUM
Citadel < webcit-926 - Info Disclosure
CVSS 5.9
CVE-2020-22662 HIGH
Ruckus APs and SmartZone Controllers - Command Injection to Modify Region Code
CVSS 7.5
CVE-2020-36650 MEDIUM
IonicaBizau node-gry < 6.0.0 - Command Injection
CVSS 5.5