CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,552 vulnerabilities with CWE-77
CVE-2026-9455 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi UploadOpenVpnCert os command injection
CVSS 9.8
CVE-2026-9454 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCertGenerationCfg os command injection
CVSS 9.8
CVE-2026-9453 HIGH
FoundDream miniclawd SkillsLoader skills-loader.ts which command injection
CVSS 7.3
CVE-2026-9452 HIGH
FoundDream miniclawd exec.ts ExecTool.execute os command injection
CVSS 7.3
CVE-2026-9441 MEDIUM
Edimax BR-6478AC POST Request formiNICbasic command injection
CVSS 6.3
CVE-2026-9440 MEDIUM
Edimax BR-6478AC POST Request formAccept command injection
CVSS 6.3
CVE-2026-9439 MEDIUM
Edimax BR-6675nD stainfo command injection
CVSS 6.3
CVE-2026-9437 MEDIUM
DTStack Taier REST API Runtime.exec os command injection
CVSS 6.3
CVE-2026-9436 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg os command injection
CVSS 9.8
CVE-2026-9435 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setQosCfg os command injection
CVSS 9.8
CVE-2026-9434 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setWiFiWpsCfg os command injection
CVSS 9.8
CVE-2026-9433 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setMacFilterRules os command injection
CVSS 9.8
CVE-2026-9432 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection
CVSS 9.8
CVE-2026-9424 MEDIUM
Edimax EW-7438RPn Content-Type formWlanMP os command injection
CVSS 6.3
CVE-2026-9423 MEDIUM
Edimax BR-6675nD POST Request mp command injection
CVSS 4.7
CVE-2026-9408 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setStaticDhcpRules os command injection
CVSS 9.8
CVE-2026-9407 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setFirewallType os command injection
CVSS 9.8
CVE-2026-9406 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setRemoteCfg os command injection
CVSS 9.8
CVE-2026-9405 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setGameSpeedCfg os command injection
CVSS 9.8
CVE-2026-9404 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setDdnsCfg os command injection
CVSS 9.8
CVE-2026-9402 MEDIUM
Edimax BR-6675nD POST Request formWlanMP command injection
CVSS 6.3
CVE-2026-9400 MEDIUM
Edimax BR-6675nD POST Request formUSBStorage command injection
CVSS 6.3
CVE-2026-9388 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setScheduleCfg os command injection
CVSS 9.8
CVE-2026-9387 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setUpgradeFW os command injection
CVSS 9.8
CVE-2026-9386 CRITICAL
Totolink A8000RU Web Management cstecgi.cgi setLanguageCfg os command injection
CVSS 9.8
Details
Vulnerabilities 3,552
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits