CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2019-20710 HIGH
NETGEAR XR500 D3600 D6000 Firmware - Authenticated Command Injection
CVSS 8.0
CVE-2019-20709 HIGH
NETGEAR XR500 D3600 D6000 Firmware - Authenticated Command Injection
CVSS 8.0
CVE-2019-20708 HIGH
NETGEAR XR500 D3600 D6000 Firmware - Authenticated Command Injection
CVSS 8.0
CVE-2019-20707 HIGH
NETGEAR R7800 and XR500 Firmware - Authenticated Command Injection
CVSS 8.0
CVE-2019-20706 HIGH
NETGEAR R7800 and XR500 Firmware - Authenticated Command Injection
CVSS 8.0
CVE-2019-20705 HIGH
NETGEAR XR500 D3600 D6000 Firmware - Authenticated Command Injection
CVSS 8.0
CVE-2019-20704 HIGH
NETGEAR XR500 D3600 D6000 Firmware - Authenticated Command Injection
CVSS 8.0
CVE-2019-20703 HIGH
NETGEAR XR500 D3600 D6000 Firmware - Authenticated Command Injection
CVSS 8.0
CVE-2019-20702 HIGH
NETGEAR XR500 D3600 D6000 Firmware - Authenticated Command Injection
CVSS 8.0
CVE-2019-20701 HIGH
NETGEAR XR500 D3600 D6000 Firmware - Authenticated Command Injection
CVSS 8.0
CVE-2019-20689 MEDIUM
NETGEAR Multiple Devices - Authenticated OS Command Injection
CVSS 6.8
CVE-2019-20688 MEDIUM
NETGEAR Multiple Devices - Authenticated OS Command Injection
CVSS 6.8
CVE-2019-20680 HIGH
NETGEAR Multiple Routers - Authenticated OS Command Injection
CVSS 8.0
CVE-2019-20659 HIGH
NETGEAR R6400v2/R6700/R6700v3/R6900/R7900 - Authenticated Command Injection
CVSS 7.2
CVE-2019-20655 HIGH
NETGEAR XR500 and XR700 Firmware - Authenticated Command Injection
CVSS 7.8
CVE-2019-20651 MEDIUM
NETGEAR WAC505 and WAC510 Firmware < 8.2.1.16 - Authenticated Command Injection
CVSS 6.7
CVE-2019-14868 HIGH
ksh 20120801 - Command Injection via Environment Variable Handling
CVSS 7.4
CVE-2019-9507 HIGH
Vertiv Avocent UMG-4000 <4.2.1.19 - Command Injection
CVSS 8.3
CVE-2019-16012 HIGH
Cisco SD-WAN Solution vManage - SQL Injection
CVSS 8.1
CVE-2019-12921 MEDIUM
GraphicsMagick < 1.3.32 - Arbitrary File Read via SVG TranslateTextEx
CVSS 6.5
CVE-2019-12430 HIGH
GitLab 11.11 - Authenticated Remote Command Execution via Repository Download Feature
CVSS 8.8
CVE-2019-15609 CRITICAL
kill-port-process < 2.2.0 - OS Command Injection
CVSS 9.8
CVE-2019-5323 HIGH
Aruba AirWave 8.0.0-8.2.10.0 - Authenticated Command Injection via Input Field
CVSS 7.2
CVE-2019-4635 LOW
IBM Security Secret Server 10.7 - Command Injection
CVSS 2.7
CVE-2019-16005 HIGH
Cisco Webex Video Mesh - Command Injection
CVSS 7.2
Details
Vulnerabilities 3,570
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits