CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2025-5763 MEDIUM
Tenda CP3 11.10.00.2311090948 - OS Command Injection via sub_F3C8C Function
CVSS 4.7
CVE-2025-5695 MEDIUM
FLIR AX8 Firmware 1.46.0-1.46.16 - Remote Command Injection via subscriptions.php
CVSS 4.7
CVE-2025-5621 HIGH
D-Link DIR-816 1.10CNB05 - OS Command Injection via qosClassifier dip_address/sip_address Parameter
CVSS 7.3
CVE-2025-5620 HIGH
D-Link DIR-816 1.10CNB05 - OS Command Injection via setipsec_config localIP/remoteIP Parameters
CVSS 7.3
CVE-2025-5606 MEDIUM
Tenda AC18 15.03.05.05 - OS Command Injection via formSetIptv
CVSS 6.3
CVE-2025-20278 MEDIUM
Cisco Unified Communications - Command Injection
CVSS 6.0
CVE-2025-5573 MEDIUM
D-Link DCS-932L 2.18.01 - Code Injection
CVSS 6.3
CVE-2025-5571 MEDIUM
D-Link DCS-932L 2.18.01 - Code Injection
CVSS 6.3
CVE-2025-5525 MEDIUM
Jrohy trojan <2.15.3 - Command Injection
CVSS 5.6
CVE-2025-5515 MEDIUM
TOTOLINK X2000R 1.0.0-B20230726.1108 - Command Injection
CVSS 6.3
CVE-2025-5504 MEDIUM
TOTOLINK X2000R 1.0.0-B20230726.1108 - Command Injection
CVSS 6.3
CVE-2025-5502 MEDIUM
TOTOLINK X15 1.0.0-B20230714.1105 - Command Injection
CVSS 6.3
CVE-2025-5492 MEDIUM
D-Link DI-500WF-WT <20250511 - Command Injection
CVSS 6.3
CVE-2025-31710 MEDIUM
EngineerMode Service - Command Injection
CVSS 5.9
CVE-2025-27954 MEDIUM
Philips Clinical Collaboration Platform 12.2.1.5 - Remote Code Execution via Usertoken Function
CVSS 6.5
CVE-2025-27953 MEDIUM
Philips Clinical Collaboration Platform 12.2.1.5 - Remote Code Execution via Session Management Component
CVSS 6.5
CVE-2025-37096 CRITICAL
HPE StoreOnce System < 4.3.11 - Remote Code Execution via Command Injection
CVSS 9.8
CVE-2025-5447 MEDIUM
Linksys RE6500-RE9000 - Code Injection
CVSS 6.3
CVE-2025-37092 CRITICAL
HPE StoreOnce System < 4.3.11 - Remote Code Execution via Command Injection
CVSS 9.8
CVE-2025-37091 HIGH
HPE StoreOnce System < 4.3.11 - Remote Code Execution via Command Injection
CVSS 7.2
CVE-2025-37089 CRITICAL
HPE StoreOnce System < 4.3.11 - Remote Code Execution via Command Injection
CVSS 9.8
CVE-2025-5446 MEDIUM
Linksys RE6500-RE9000 - Command Injection
CVSS 6.3
CVE-2025-5445 MEDIUM
Linksys RE6500-RE9000 - Command Injection
CVSS 6.3
CVE-2025-5444 MEDIUM
Linksys RE6500-RE9000 <1.2.07.001 - Command Injection
CVSS 6.3
CVE-2025-5443 MEDIUM
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 - OS Command Injection via ExtChSelector Parameter
CVSS 6.3