CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2020-35798 CRITICAL
NETGEAR Multiple Routers - Unauthenticated Command Injection
CVSS 9.3
CVE-2020-35794 HIGH
NETGEAR RBS40V/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 Firmware - Authenticated Command Injection
CVSS 8.4
CVE-2020-35793 MEDIUM
NETGEAR D7800/R7500v2/R7800/R8900/R9000 Firmware - Authenticated Command Injection
CVSS 6.1
CVE-2020-35792 HIGH
NETGEAR R7500v2/R7800/R8900/R9000 Firmware - Authenticated Command Injection
CVSS 8.3
CVE-2020-35791 MEDIUM
NETGEAR R7800/R8900/R9000 Firmware - Authenticated Command Injection
CVSS 6.4
CVE-2020-35790 MEDIUM
NETGEAR D7800/R7800/R8900/R9000 Firmware - Authenticated Command Injection
CVSS 6.4
CVE-2020-35777 HIGH
NETGEAR DGN2200v1 Firmware < 1.0.0.58 - OS Command Injection
CVSS 8.4
CVE-2020-25847 HIGH
QNAP QTS < 4.5.1.1495 and QuTS hero < h4.5.1.1491 - OS Command Injection
CVSS 8.8
CVE-2020-29299 HIGH
Zyxel VPN Orchestrator < 10.03 - Authenticated Command Injection via chg_exp_pwd
CVSS 7.2
CVE-2020-26273 MEDIUM
osquery < 4.6.0 - Arbitrary File Write via SQLite ATTACH Verb
CVSS 5.2
CVE-2020-24634 CRITICAL
Aruba Networks AP Management protocol - Command Injection
CVSS 9.8
CVE-2020-9116 HIGH
Huawei FusionCompute 6.5.1 and 8.0.0 - Authenticated Command Injection
CVSS 7.2
CVE-2020-9115 HIGH
Huawei ManageOne 6.5.1.1.B010-6.5.1.1.B050, 8.0.0, 8.0.1 - Authenticated Command Injection via Plugin Component
CVSS 7.2
CVE-2020-2492 HIGH
QNAP QTS < 4.4.3.1421 - Remote Code Execution
CVSS 7.2
CVE-2020-2490 HIGH
QNAP QTS < 4.4.3.1421 - Remote Command Injection
CVSS 7.2
CVE-2020-9127 MEDIUM
Huawei NIP6300 NIP6600 Secospace USG6300 USG6500 USG6600 USG9500 Firmware - Authenticated Command Injection
CVSS 6.7
CVE-2020-23639 CRITICAL
Moxa VPort 461 < 3.4 - Command Injection
CVSS 9.8
CVE-2020-7384 HIGH
Metasploit < 4.19.0 - Command Injection via Malicious APK File
CVSS 7.0
CVE-2020-11496 MEDIUM
Sprecher SPRECON-E < 8.64b - Arbitrary Code Execution via Malicious PDL Parameter Files
CVSS 6.7
CVE-2020-9862 HIGH
iCloud < 7.20 - Command Injection via Web Inspector URL Copy
CVSS 7.8
CVE-2020-4636 HIGH
IBM Resilient OnPrem 38.2 - Authenticated OS Command Injection via Python3 Scripting
CVSS 7.2
CVE-2020-26929 HIGH
NETGEAR R6220 and R6230 < 1.1.0.100 - Authenticated Command Injection
CVSS 7.3
CVE-2020-26922 MEDIUM
NETGEAR WC7500 WC7600 WC7600v2 WC9500 < 6.5.5.24 - Authenticated Command Injection
CVSS 6.4
CVE-2020-26920 HIGH
NETGEAR SRK60/SRR60/SRS60 < 2.5.3.110 - Unauthenticated Command Injection
CVSS 8.8
CVE-2020-26914 MEDIUM
NETGEAR Multiple Routers - Authenticated OS Command Injection
CVSS 6.7