CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,559 vulnerabilities with CWE-77
CVE-2025-14106
HIGH
ZSPACE Q2C NAS <= 1.1.0210050 - OS Command Injection via zfilev2_api.CloseSafe
CVSS 8.8
CVE-2025-14094
MEDIUM
Edimax BR-6478AC V3 1.0.15 - OS Command Injection via sysCmd Argument
CVSS 4.7
CVE-2025-14093
MEDIUM
Edimax BR-6478AC V3 1.0.15 - OS Command Injection via Traceroute Host Parameter
CVSS 4.7
CVE-2025-64052
MEDIUM
Fanvil x210 V2 2.12.20 - Unauthenticated OS Command Injection
CVSS 5.1
CVE-2025-14092
MEDIUM
Edimax BR-6478AC V3 1.0.15 - OS Command Injection via host Argument in formDebugDiagnosticRun
CVSS 4.7
CVE-2025-1910
MEDIUM
WatchGuard Mobile VPN <12.11.2 - Privilege Escalation
CVE-2025-66404
MEDIUM
MCP Server Kubernetes <2.9.8 - Code Injection
CVSS 6.4
CVE-2025-66032
CRITICAL
Claude Code < 1.0.93 - Remote Code Execution via Shell Command Parsing Bypass
CVSS 9.8
CVE-2025-57201
HIGH
AVTECH DGM1104 Firmware FullImg-1015-1004-1006-1003 - Authenticated Command Injection via SMB Server Function
CVSS 8.8
CVE-2025-57199
HIGH
AVTECH DGM1104 FullImg-1015-1004-1006-1003 - Authenticated Command Injection via NetFailDetectD Binary
CVSS 8.8
CVE-2025-57198
HIGH
AVTECH DGM1104 FullImg-1015-1004-1006-1003 - Authenticated Command Injection via Machine.cgi Endpoint
CVSS 8.8
CVE-2025-57200
MEDIUM
AVTECH DGM1104 Firmware FullImg-1015-1004-1006-1003 - Authenticated Command Injection via test_mail Function
CVSS 6.5
CVE-2025-65657
MEDIUM
FeehiCMS 2.1.1 - Authenticated Remote Code Execution via Unrestricted File Upload in Ad Management
CVSS 6.5
CVE-2025-66399
HIGH
Cacti < 1.2.29 - Authenticated Command Injection via SNMP Community String
CVSS 8.8
CVE-2025-60854
CRITICAL
D-Link R15 (AX1500) <1.20.01 - Command Injection
CVSS 9.8
CVE-2025-13800
MEDIUM
ADSLR NBR1005GPEV2 < 250814-r037c - OS Command Injection via set_mesh_disconnect mac Parameter
CVSS 6.3
CVE-2025-13799
MEDIUM
ADSLR B-QE2W401 Firmware < 250814-r037c - OS Command Injection via /send_order.cgi mac Parameter
CVSS 6.3
CVE-2025-13798
MEDIUM
ADSLR NBR1005GPEV2 < 250814-r037c - Remote Command Injection via send_order.cgi mac Parameter
CVSS 6.3
CVE-2025-13797
MEDIUM
ADSLR B-QE2W401 < 250814-r037c - OS Command Injection via del_swifimac Parameter
CVSS 6.3
CVE-2025-66219
CRITICAL
willitmerge <0.2.1 - Command Injection
CVSS 9.8
CVE-2025-63674
MEDIUM
Blurams Lumi Security Camera <v23.1227.472.2926 - RCE
CVSS 6.8
CVE-2025-11921
HIGH
iStats 7.10.4 - Local Privilege Escalation via Insecure XPC Service
CVE-2025-13562
HIGH
D-Link DIR-852 1.00 - Remote Command Injection via gena.cgi Service Argument
CVSS 7.3
CVE-2025-65946
HIGH
Roo Code <3.26.7 - Command Injection
CVSS 8.1
CVE-2025-13442
HIGH
UTT 750W < 3.2.2-191225 - OS Command Injection via formPdbUpConfig policyNames Parameter
CVSS 7.3