CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,553 vulnerabilities with CWE-77
CVE-2026-6132 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection
CVSS 9.8
CVE-2026-6131 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection
CVSS 9.8
CVE-2026-6130 HIGH
chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection
CVSS 7.3
CVE-2026-6118 MEDIUM
AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection
CVSS 6.3
CVE-2026-6116 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection
CVSS 9.8
CVE-2026-6115 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection
CVSS 9.8
CVE-2026-6114 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection
CVSS 9.8
CVE-2026-6113 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection
CVSS 9.8
CVE-2026-6112 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection
CVSS 9.8
CVE-2026-6108 MEDIUM
1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection
CVSS 6.3
CVE-2026-6029 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection
CVSS 9.8
CVE-2026-6028 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPptpServerCfg os command injection
CVSS 9.8
CVE-2026-6027 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setUrlFilterRules os command injection
CVSS 9.8
CVE-2026-6026 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPortalConfWeChat os command injection
CVSS 9.8
CVE-2026-6025 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setSyslogCfg os command injection
CVSS 9.8
CVE-2026-5997 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setLoginPasswordCfg os command injection
CVSS 9.8
CVE-2026-5996 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
CVSS 9.8
CVE-2026-5995 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
CVSS 9.8
CVE-2026-5994 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTelnetCfg os command injection
CVSS 9.8
CVE-2026-5993 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiGuestCfg os command injection
CVSS 9.8
CVE-2026-5978 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiAclRules os command injection
CVSS 9.8
CVE-2026-5977 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
CVSS 9.8
CVE-2026-5976 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setStorageCfg os command injection
CVSS 9.8
CVE-2026-5975 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setDmzCfg os command injection
CVSS 9.8
CVE-2026-5974 HIGH
FoundationAgents MetaGPT terminal.py Bash.run os command injection
CVSS 7.3
Details
Vulnerabilities 3,553
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits