CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,559 vulnerabilities with CWE-77
CVE-2025-15137 HIGH
TRENDnet TEW-800MB 1.0.1.0 - OS Command Injection via NTPSyncWithHost.cgi
CVSS 8.8
CVE-2025-15136 HIGH
TRENDnet TEW-800MB 1.0.1.0 - OS Command Injection via WizardConfigured Parameter
CVSS 8.8
CVE-2025-15133 MEDIUM
ZSPACE Z4Pro+ 1.0.0440024 - OS Command Injection via zfilev2_api_CloseSafe Function
CVSS 6.3
CVE-2025-15132 MEDIUM
ZSPACE Z4Pro+ < 1.0.0440024 - Remote Command Injection via zfilev2_api_open Function
CVSS 6.3
CVE-2025-15131 MEDIUM
ZSPACE Z4Pro+ < 1.0.0440024 - OS Command Injection via zfilev2_api_SafeStatus
CVSS 6.3
CVE-2025-66738 HIGH
Yealink T21P_E2 Phone 52.84.0.15 - RCE
CVSS 8.8
CVE-2025-65885 MEDIUM
Delight Custom Firmware - Local Privilege Escalation
CVSS 5.1
CVE-2025-15081 MEDIUM
JD Cloud BE6500 4.4.1.r4308 - Command Injection
CVSS 6.3
CVE-2025-15048 HIGH
Tenda WH450 1.0.0.18 - OS Command Injection via CheckTools ipaddress Parameter
CVSS 7.3
CVE-2025-25364 HIGH
Speedify < 15.0.0 - Command Injection via me.connectify.SMJobBlessHelper XPC Service
CVSS 8.4
CVE-2025-29229 CRITICAL
Linksys E5600 V1.1.0.26 - OS Command Injection via ddnsStatus Function
CVSS 9.8
CVE-2025-29228 CRITICAL
Linksys E5600 V1.1.0.26 - OS Command Injection via mc.ip Parameter
CVSS 9.8
CVE-2025-50526 CRITICAL
Netgear EX8000 V1.0.0.126 - Command Injection
CVSS 9.8
CVE-2025-45493 MEDIUM
Netgear EX8000 Firmware V1.0.0.126 - Command Injection via iface Parameter in action_bandwidth Function
CVSS 6.5
CVE-2025-67436 MEDIUM
PluXml CMS 5.8.22 - Authenticated Remote Code Execution via Theme File Injection
CVSS 6.5
CVE-2025-14884 HIGH
D-Link DIR-605 202WWB03 - OS Command Injection in Firmware Update Service
CVSS 7.2
CVE-2025-68433 HIGH
Zed < 0.218.2-pre MCP Configuration - Project-Open Code Execution
CVSS 7.7
CVE-2025-68432 HIGH
Zed < 0.218.2-pre LSP Configuration - Project-Open Code Execution
CVSS 7.7
CVE-2025-55901 MEDIUM
TOTOLINK A3300R V17.0.0cu.596_B20250515 - Command Injection
CVSS 6.5
CVE-2025-55893 MEDIUM
TOTOLINK N200RE V9.3.5u.6437_B20230519 - Command Injection
CVSS 6.5
CVE-2025-14707 CRITICAL
sgwbox N3 Firmware < 2.0.25 - Remote Command Injection via http_eshell_server params Argument
CVSS 9.8
CVE-2025-14706 CRITICAL
sgwbox N3 < 2.0.25 - Remote Command Injection via NETREBOOT Interface
CVSS 9.8
CVE-2025-14705 CRITICAL
sgwbox N3 Firmware < 2.0.25 - OS Command Injection via SHARESERVER Feature Params Argument
CVSS 9.8
CVE-2025-14659 HIGH
D-Link DIR-860LB1/DIR-868LB1 - Command Injection
CVSS 8.8
CVE-2025-14648 MEDIUM
dedebiz < 6.5.9 - Remote Command Injection via /src/admin/catalog_add.php
CVSS 4.7