CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2020-26910 HIGH
NETGEAR CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 Firmware - Authenticated Command Injection
CVSS 8.4
CVE-2020-26909 HIGH
NETGEAR D7800 and R7500v2 - Unauthenticated Command Injection
CVSS 8.8
CVE-2020-26907 CRITICAL
NETGEAR RBK852 RBR850 RBS850 < 3.2.16.6 - Unauthenticated Command Injection
CVSS 9.6
CVE-2020-26902 CRITICAL
NETGEAR RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 < 3.2.15.25 - Unauthenticated Command Injection
CVSS 9.6
CVE-2020-15228 LOW
@actions/core <1.2.6 - Info Disclosure
CVSS 3.5
CVE-2020-0130 HIGH
Android 11 - Local Privilege Escalation via Screencap Command Injection
CVSS 7.8
CVE-2020-11698 CRITICAL
SpamTitan 7.07 - Remote Code Execution via SNMP Community Parameter
CVSS 9.8
CVE-2020-24561 CRITICAL
Trend Micro ServerProtect for Linux 3.0 - Command Injection
CVSS 9.1
CVE-2020-14100 CRITICAL
Xiaomi R3600 Firmware < 1.0.66 - Authenticated Remote Code Execution via set_WAN6 Interface
CVSS 9.8
CVE-2020-14342 MEDIUM
cifs-utils 5.6-6.10 - OS Command Injection via Samba Password Request
CVSS 4.4
CVE-2020-11117 CRITICAL
Qualcomm IPQ4019/IPQ6018/IPQ8064/IPQ8074/QCA4531/QCA9531/QCA9980 Firmware - RCE via lbd Service Debug Command
CVSS 9.8
CVE-2020-9199 MEDIUM
Huawei B2368-22, B2368-57, B2368-66 Firmware V100R001C00 - Authenticated Command Injection via LAN Parameter
CVSS 6.8
CVE-2020-25079 HIGH KEV
D-Link DCS-2530L < 1.06.01 and DCS-2670L <= 2.02 - Authenticated Command Injection via ddns_enc.cgi
CVSS 8.8
CVE-2020-25067 CRITICAL
NETGEAR R8300 Firmware < 1.0.2.134 - Unauthenticated Command Injection
CVSS 9.6
CVE-2020-10518 HIGH
GitHub Enterprise Server < 2.19.21 - Remote Code Execution via GitHub Pages Configuration
CVSS 8.8
CVE-2020-15642 HIGH
Marvell QConvergeConsole < 5.5.00.73 - Remote Code Execution via GWTTestServiceImpl isHPSmartComponent
CVSS 8.8
CVE-2020-8233 HIGH
EdgeSwitch <v1.9.0 - Command Injection
CVSS 8.8
CVE-2020-8211 CRITICAL
Citrix XenMobile <10.12 - SQL Injection
CVSS 9.8
CVE-2020-9242 HIGH
FusionCompute 8.0.0 - Authenticated Command Injection
CVSS 8.8
CVE-2020-7697 CRITICAL
mock2easy - OS Command Injection via _data Variable
CVSS 9.8
CVE-2020-13919 CRITICAL
Ruckus Wireless Unleashed < 200.7.10.102.92 - Remote Command Injection via Crafted HTTP Request
CVSS 9.8
CVE-2020-13917 CRITICAL
Ruckus Wireless Unleashed < 200.7.10.102.92 - Remote Command Injection via rkscli
CVSS 9.8
CVE-2020-9688 HIGH
Adobe Download Manager 2.0.0.518 - Command Injection
CVSS 7.8
CVE-2020-14505 CRITICAL
Advantech iView < 5.6 - Remote Code Execution via HTTP Request Command Injection
CVSS 9.8
CVE-2020-11084 MEDIUM
ipear - OS Command Injection via Manual eval() Execution
CVSS 6.4