CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,571 vulnerabilities with CWE-77
CVE-2018-12465 CRITICAL
Micro Focus SMG <471 - Command Injection
CVSS 9.1
CVE-2018-0712 CRITICAL
QNAP QTS < 4.3.4 - Command Injection in LDAP Server
CVSS 9.8
CVE-2018-5428 HIGH
TIBCO Data Virtualization <7.0.6 - Command Injection
CVSS 8.8
CVE-2018-3746 CRITICAL
pdfinfojs <= 0.3.6 - OS Command Injection
CVSS 9.8
CVE-2018-1111 HIGH
DHCP Client Command Injection (DynoRoot)
CVSS 7.5
CVE-2018-0324 MEDIUM
Cisco Enterprise NFV Infrastructure Software - Authenticated OS Command Injection via CLI Parameter
CVSS 6.7
CVE-2018-0224 MEDIUM
Cisco StarOS - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2018-0217 MEDIUM
Cisco ASR 5000 Series Firmware - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2018-5439 CRITICAL
Nortek Linear eMerge E3 - Command Injection
CVSS 9.8
CVE-2018-0007 CRITICAL
Junos OS Multiple Versions - DoS and RCE via Malicious LLDP Packet
CVSS 9.8
CVE-2017-20156 MEDIUM
Exciting Printer - Command Injection
CVSS 5.5
CVE-2017-18442 MEDIUM
cPanel < 56.0.49 - Authenticated Command Injection via Cpanel::SPFUI API
CVSS 5.3
CVE-2017-18400 HIGH
cPanel < 62.0.35 - Local Root Code Execution via cpdavd
CVSS 7.8
CVE-2017-8413 HIGH
D-Link DCS-1100 and DCS-1130 - Unauthenticated Remote Code Execution via UDP Broadcast Packet Command Injection
CVSS 8.8
CVE-2017-8411 HIGH
D-Link DCS-1130 Firmware - OS Command Injection via SMB Folder Configuration POST Parameter
CVSS 8.8
CVE-2017-8404 CRITICAL
D-Link DCS-1130 Firmware - OS Command Injection via SMB Configuration POST Parameter
CVSS 9.8
CVE-2017-8408 CRITICAL
D-Link DCS-1130 Firmware - OS Command Injection via SMB Test GET Parameter
CVSS 9.8
CVE-2017-8333 HIGH
Securifi Almond AL-R096 - OS Command Injection via Route Destination Parameter
CVSS 8.8
CVE-2017-8331 HIGH
Securifi Almond AL-R096 - OS Command Injection via Port Forwarding IP Parameter
CVSS 8.8
CVE-2017-9384 HIGH
Vera VeraEdge <1.7.19, Veralite <1.7.481 - Info Disclosure
CVSS 8.8
CVE-2017-9388 HIGH
Vera VeraEdge <1.7.19, Veralite <1.7.481 - Info Disclosure
CVSS 8.8
CVE-2017-18378 HIGH
NETGEAR ReadyNAS Surveillance <1.4.3-17 x86 & <1.1.4-7 ARM - RCE via upgrade_handle.php
CVSS 8.4
CVE-2017-18377 CRITICAL
Wireless IP Camera (P2P) WIFICAM Firmware - Unauthenticated Remote Code Execution via set_ftp.cgi pwd Parameter
CVSS 9.8
CVE-2017-15403 HIGH
Google Chrome < 61.0.3163.113 - Command Injection via Crosh Data Validation
CVSS 7.3
CVE-2017-12078 HIGH
Synology Router Manager <1.1.6-6931 - Command Injection
CVSS 7.2