CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,565 vulnerabilities with CWE-77
CVE-2025-9745 MEDIUM
D-Link DI-500WF 14.04.10A1T - Code Injection
CVSS 4.7
CVE-2025-9727 MEDIUM
D-Link DIR-816L 206b01 - Command Injection
CVSS 6.3
CVE-2025-44015 HIGH
QNAP HybridDesk Station 4.2.0-4.2.17 - OS Command Injection
CVSS 8.4
CVE-2025-30264 HIGH
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 8.8
CVE-2025-29887 HIGH
QuRouter <2.5.1.060 - Command Injection
CVSS 7.2
CVE-2025-9654 MEDIUM
AiondaDotCom mcp-ssh <1.0.3 - Command Injection
CVSS 6.3
CVE-2025-9603 MEDIUM
Telesquare TLR-2005KSH 1.2.4 - Command Injection
CVSS 6.3
CVE-2025-48979 LOW
UISP Application - Command Injection
CVSS 3.4
CVE-2025-9586 MEDIUM
Comfast CF-N1 2.6.0 - Command Injection
CVSS 6.3
CVE-2025-9585 MEDIUM
Comfast CF-N1 2.6.0 - Command Injection
CVSS 6.3
CVE-2025-9584 MEDIUM
Comfast CF-N1 2.6.0 - Command Injection
CVSS 6.3
CVE-2025-9583 MEDIUM
Comfast CF-N1 2.6.0 - Command Injection
CVSS 6.3
CVE-2025-9582 MEDIUM
Comfast CF-N1 2.6.0 - Command Injection
CVSS 6.3
CVE-2025-9581 MEDIUM
Comfast CF-N1 2.6.0 - Command Injection
CVSS 6.3
CVE-2025-9580 MEDIUM
LB-LINK BL-X26 1.2.8 - Command Injection
CVSS 6.3
CVE-2025-9579 MEDIUM
LB-LINK BL-X26 1.2.8 - Code Injection
CVSS 6.3
CVE-2025-9575 MEDIUM
Linksys RE6250-RE9000 - Command Injection
CVSS 6.3
CVE-2025-50428 CRITICAL
RaspAP raspap-webgui <3.3.2 - Command Injection
CVSS 9.8
CVE-2025-50989 CRITICAL
OPNsense <25.1.8 - Command Injection
CVSS 9.1
CVE-2025-9528 MEDIUM
Linksys E1700 1.0.0.4.003 - Command Injection
CVSS 4.7
CVE-2025-9424 MEDIUM
Ruijie WS7204-A 2017.06.15 - Code Injection
CVSS 4.7
CVE-2025-50722 CRITICAL
sparkshop 1.1.7 - Remote Code Execution via Common.php Component
CVSS 9.8
CVE-2025-29523 HIGH
D-Link DSL-7740C Firmware DSL7740C.V6.TR069.20211230 - OS Command Injection via Ping6 Function
CVSS 7.2
CVE-2025-44179 MEDIUM
Hitron CGNF-TWN 3.1.1.43-TWN-pre3 - Command Injection
CVSS 6.5
CVE-2025-29522 MEDIUM
D-Link DSL-7740C Firmware DSL7740C.V6.TR069.20211230 - OS Command Injection via Ping Function
CVSS 6.5
Details
Vulnerabilities 3,565
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits