CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2020-3275 HIGH
Cisco Small Business - Command Injection
CVSS 7.2
CVE-2020-3274 HIGH
Cisco Small Business - Command Injection
CVSS 7.2
CVE-2020-4432 HIGH
IBM Aspera Products - Authenticated Command Injection via SOAP API
CVSS 7.5
CVE-2020-5299 MEDIUM
OctoberCMS 1.0.319-1.0.465 - CSV Injection via ImportExportController
CVSS 4.0
CVE-2020-3224 HIGH
Cisco IOS XE - Privilege Escalation
CVSS 8.8
CVE-2020-3219 HIGH
Cisco IOS XE - Authenticated Remote Code Execution via Web UI Input Validation Bypass
CVSS 8.8
CVE-2020-3212 HIGH
Cisco IOS XE - Authenticated Remote Code Execution via Web UI File Upload
CVSS 7.2
CVE-2020-3211 HIGH
Cisco IOS XE - Privilege Escalation
CVSS 7.2
CVE-2020-3210 MEDIUM
Cisco IOS - Authenticated OS Command Injection via VDS CLI Command Arguments
CVSS 6.7
CVE-2020-3207 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via Boot Options Processing
CVSS 6.7
CVE-2020-11079 HIGH
node-dns-sync <0.2.1 - Command Injection
CVSS 8.6
CVE-2020-8171 CRITICAL
AirMax AirOS <6.3.0 - Command Injection
CVSS 9.8
CVE-2020-11073 HIGH
Autoswitch Python Virtualenv <0.16.0 - RCE
CVSS 7.9
CVE-2020-11789 CRITICAL
NETGEAR R6400v2/R6700/R6700v3/R6900/R7900 - Unauthenticated Command Injection
CVSS 9.8
CVE-2020-11770 HIGH
NETGEAR Multiple Routers and Gateways - Authenticated Command Injection
CVSS 8.8
CVE-2020-10514 HIGH
iCatch DVR <20200103 - Command Injection
CVSS 8.8
CVE-2020-10826 CRITICAL
Draytek Vigor3900-300B <1.5.1 - Command Injection
CVSS 9.8
CVE-2020-6811 HIGH
Firefox < 74.0 and Firefox ESR < 68.6.0 - Command Injection via Devtools Copy as cURL
CVSS 8.8
CVE-2020-3266 HIGH
Cisco SD-WAN Solution - Command Injection
CVSS 7.8
CVE-2020-1980 HIGH
PAN-OS 8.1.0-8.1.12 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2020-3176 MEDIUM
Cisco Remote PHY Device Software - Command Injection
CVSS 6.7
CVE-2020-3924 MEDIUM
TONNET TAT-76 and TAT-77 Series DVR Firmware - OS Command Injection via Patch File
CVSS 6.4
CVE-2020-1790 HIGH
GaussDB 200 <6.5.1 - Command Injection
CVSS 8.8
CVE-2020-1811 HIGH
GaussDB 200 <6.5.1 - Command Injection
CVSS 8.8
CVE-2020-3760 CRITICAL
Adobe Digital Editions <4.5.10 - Command Injection
CVSS 9.8
Details
Vulnerabilities 3,570
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits