CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,552 vulnerabilities with CWE-77
CVE-2026-38702 CRITICAL
InHand Networks IR302 V3.5.108, IR305/IR315/IR615 V1.0.118 - Command Injection
CVSS 9.8
CVE-2026-5509 HIGH
Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200
CVSS 7.2
CVE-2026-38945 HIGH
Raynet rvia 12.6.4392.49-amd64.deb - OS Command Injection via Java Search Path
CVSS 7.8
CVE-2026-36540 HIGH
Netis AC1200 Router NC21 V4.0.1.4296 - Unauthenticated Remote Code Execution via skk_set.cgi POST Parameters
CVSS 7.3
CVE-2026-48694 HIGH
FastNetMon Community Edition <= 1.2.9 - Configuration Injection via Juniper Plugin IP_ATTACK Variable
CVSS 8.1
CVE-2026-9565 MEDIUM
haojing8312 WorkClaw Blacklist bash.rs is_dangerous os command injection
CVSS 6.3
CVE-2026-46368 HIGH
luci-app-https-dns-proxy Authenticated Command Injection via setInitAction
CVSS 8.8
CVE-2026-40034 HIGH
gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule
CVSS 7.8
CVE-2026-9543 CRITICAL
Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection
CVSS 9.8
CVE-2026-9534 MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi setWiFiWpsConfig os command injection
CVSS 6.3
CVE-2026-9533 MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi recvUpgradeNewFw os command injection
CVSS 6.3
CVE-2026-9532 MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi setUploadUserData os command injection
CVSS 6.3
CVE-2026-9531 MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection
CVSS 6.3
CVE-2026-9515 MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi setUnloadUserData os command injection
CVSS 6.3
CVE-2026-9514 MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi setNetworkDiag os command injection
CVSS 6.3
CVE-2026-9513 MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection
CVSS 6.3
CVE-2026-9512 MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi setPasswordCfg os command injection
CVSS 6.3
CVE-2026-9511 MEDIUM
Totolink CA750-PoE Setting cstecgi.cgi setWebWlanIdx os command injection
CVSS 6.3
CVE-2026-9478 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setParentalRules os command injection
CVSS 9.8
CVE-2026-9477 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setAccessDeviceCfg os command injection
CVSS 9.8
CVE-2026-9476 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setPasswordCfg os command injection
CVSS 9.8
CVE-2026-9475 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setIpQosRules os command injection
CVSS 9.8
CVE-2026-9458 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setWanCfg os command injection
CVSS 9.8
CVE-2026-9457 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection
CVSS 9.8
CVE-2026-9456 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCfg os command injection
CVSS 9.8