CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2019-14944 MEDIUM
GitLab < 11.11.8, 12 < 12.0.6, 12.1 < 12.1.6 - Command Injection via Gitaly Command-Line Flags
CVSS 6.5
CVE-2019-9972 HIGH
3CX Phone System 16.0.0.1570 - Command Injection
CVSS 8.8
CVE-2019-16864 HIGH
EnterpriseDT CompleteFTP <12.1.4 - RCE
CVSS 8.8
CVE-2019-6288 CRITICAL
Edgecore ECS2020 Firmware 1.0.0.0 - Unauthenticated Command Injection via EXCU_SHELL HTTP Header
CVSS 9.8
CVE-2019-10095 CRITICAL
Apache Zeppelin <0.9.0 - Command Injection
CVSS 9.8
CVE-2019-25029 CRITICAL
Versa Director - OS Command Injection
CVSS 9.8
CVE-2019-7198 CRITICAL
QNAP QTS and QuTS hero - OS Command Injection
CVSS 9.8
CVE-2019-19875 CRITICAL
B&R Industrial Automation APROL < R4.2 - OS Command Injection via AprolCluster Script
CVSS 9.8
CVE-2019-19874 CRITICAL
B&R Industrial Automation APROL < R4.2 - OS Command Injection via Web Interface Scripts
CVSS 9.8
CVE-2019-19872 CRITICAL
B&R Industrial Automation APROL < R4.2 - OS Command Injection via AprolLoader
CVSS 9.8
CVE-2019-14719 HIGH
Verifone MX900 Firmware - OS Command Injection via File Manager
CVSS 7.8
CVE-2019-11853 LOW
ALEOS <4.11.0, 4.9.4 - Command Injection
CVSS 3.9
CVE-2019-5623 CRITICAL
Accellion File Transfer Appliance FTA_8_0_540 - OS Command Injection
CVSS 9.8
CVE-2019-16011 HIGH
Cisco IOS XE SD-WAN - Command Injection
CVSS 7.8
CVE-2019-17101 MEDIUM
Netatmo Smart Indoor Camera Firmware < 4.2.5 - OS Command Injection
CVSS 5.7
CVE-2019-20761 HIGH
NETGEAR R7800 Firmware < 1.0.2.62 - Authenticated Command Injection
CVSS 8.0
CVE-2019-20757 MEDIUM
NETGEAR R7800 Firmware < 1.0.2.62 - Authenticated Command Injection
CVSS 6.8
CVE-2019-20745 MEDIUM
NETGEAR WAC505 and WAC510 Firmware < 5.0.10.2 - Authenticated Command Injection
CVSS 6.8
CVE-2019-20732 MEDIUM
NETGEAR Multiple Devices - Authenticated OS Command Injection
CVSS 6.7
CVE-2019-20727 MEDIUM
NETGEAR D6100/R7800/R8900/R9000/WNDR3700/WNDR4300/WNDR4500/WNR2000/XR500 Firmware - Authenticated Command Injection
CVSS 6.8
CVE-2019-20726 MEDIUM
NETGEAR Multiple Router Models Firmware - Authenticated Command Injection
CVSS 6.8
CVE-2019-20724 MEDIUM
NETGEAR Multiple Routers - Authenticated Command Injection
CVSS 6.8
CVE-2019-20722 MEDIUM
NETGEAR Multiple Routers and WiFi Systems - Authenticated Command Injection
CVSS 6.8
CVE-2019-20718 MEDIUM
NETGEAR Multiple Routers - Authenticated Command Injection
CVSS 6.8
CVE-2019-20711 HIGH
NETGEAR XR500 D3600 D6000 Firmware - Authenticated Command Injection
CVSS 8.0