CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,571 vulnerabilities with CWE-77
CVE-2017-8131 HIGH
FusionSphere OpenStack V100R006C00 and V100R006C10 - Unauthenticated Command Injection via TCP Listening Ports
CVSS 8.8
CVE-2017-2736 HIGH
Huawei VCM5010 Firmware < V100R002C50SPC100 - Authenticated Command Injection
CVSS 7.2
CVE-2017-2719 HIGH
FusionSphere OpenStack V100R006C00 and V100R006C10RC2 - Command Injection via Port Input
CVSS 8.8
CVE-2017-2718 HIGH
FusionSphere OpenStack V100R006C00 and V100R006C10RC2 - Command Injection via Port Input
CVSS 8.8
CVE-2017-2692 HIGH
Huawei P8 Lite Firmware < ALE-L02C635B140 - Command Injection
CVSS 7.8
CVE-2017-13071 CRITICAL
QNAP Video Station <= 5.1.3 (for QTS 4.3.3) and <= 5.2.0 (for QTS 4.3.4) - Remote Command Execution
CVSS 9.8
CVE-2017-12305 MEDIUM
Cisco IP Phone 8800 - Command Injection
CVSS 6.7
CVE-2017-12094 HIGH
Circle with Disney 2.0.1 - OS Command Injection via WiFi SSID Parsing
CVSS 7.4
CVE-2017-12277 HIGH
Cisco Firepower < - Command Injection
CVSS 8.8
CVE-2017-13069 CRITICAL
QNAP Music Station < 4.8.6 - Remote Command Injection
CVSS 9.8
CVE-2017-1407 HIGH
IBM Security Identity Manager 6.0-7.0 - Authenticated Remote Command Execution
CVSS 8.8
CVE-2017-14081 HIGH
Trend Micro Mobile Security <9.7.3 - Command Injection
CVSS 8.8
CVE-2017-1352 MEDIUM
IBM Maximo Asset Mgmt <7.6 - Command Injection
CVSS 5.5
CVE-2017-6794 MEDIUM
Cisco Meeting Server - Command Injection
CVSS 6.7
CVE-2017-6327 HIGH KEV
Symantec Messaging Gateway < 10.6.3-267 - Remote Code Execution
CVSS 8.8
CVE-2017-12756 HIGH
extplorer < 2.1.9 - OS Command Injection via userfile[0] Parameter
CVSS 7.2
CVE-2017-11392 HIGH
Trend Micro InterScan Messaging Security Virtual Appliance 9.0-9.1 - RCE via modTMCSS Proxy
CVSS 8.8
CVE-2017-11391 HIGH
Trend Micro InterScan Messaging Security Virtual Appliance 9.0-9.1 - RCE via modTMCSS Proxy
CVSS 8.8
CVE-2017-9980 CRITICAL
Green Packet DX-350 Firmware v2.8.9.5-g1.4.8-atheeb - OS Command Injection via PING pip Parameter
CVSS 9.8
CVE-2017-7977 CRITICAL
eLux RP < 5.5.0 - Command Injection via Screensavercc Configuration Dialog
CVSS 9.8
CVE-2017-2349 CRITICAL
Juniper Networks Junos OS - Command Injection
CVSS 9.9
CVE-2017-4054 HIGH
McAfee ATD <3.10-3.4 - Command Injection
CVSS 8.8
CVE-2017-4984 CRITICAL
EMC VNX2 <8.1.9.211 & VNX1 <7.1.80.8 - Command Injection
CVSS 9.8
CVE-2017-7876 CRITICAL
QTS < 4.2.6 - OS Command Injection
CVSS 10.0
CVE-2017-4918 CRITICAL
VMware Horizon View Client <4.5.0 - Command Injection
CVSS 9.8