CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2025-44860 MEDIUM
TOTOLINK CA300-POE V6.2c.884_B20180522 - OS Command Injection via msg_process Port Parameter
CVSS 6.5
CVE-2025-44848 MEDIUM
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via msg_process Url Parameter
CVSS 6.5
CVE-2025-44847 MEDIUM
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via setWebWlanIdx webWlanIdx Parameter
CVSS 6.3
CVE-2025-44846 MEDIUM
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via recvUpgradeNewFw fwUrl Parameter
CVSS 6.3
CVE-2025-44845 MEDIUM
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via NTPSyncWithHost hostTime Parameter
CVSS 6.5
CVE-2025-44844 MEDIUM
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via setUpgradeFW FileName Parameter
CVSS 6.5
CVE-2025-44843 MEDIUM
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via CloudSrvUserdataVersionCheck URL Parameter
CVSS 6.5
CVE-2025-44842 MEDIUM
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via msg_process Port Parameter
CVSS 6.5
CVE-2025-44841 MEDIUM
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via CloudSrvUserdataVersionCheck Version Parameter
CVSS 6.5
CVE-2025-44840 MEDIUM
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via CloudSrvUserdataVersionCheck svn Parameter
CVSS 6.5
CVE-2025-44839 MEDIUM
TOTOLINK CA600-PoE V5.3c.6665_B20180820 - OS Command Injection via CloudSrvUserdataVersionCheck magicid Parameter
CVSS 6.5
CVE-2025-44838 MEDIUM
TOTOLINK CP900 V6.3c.1144_B20190715 - OS Command Injection via setUploadUserData FileName Parameter
CVSS 6.3
CVE-2025-44837 MEDIUM
TOTOLINK CP900 V6.3c.1144_B20190715 - OS Command Injection via CloudSrvUserdataVersionCheck URL or MagicID Parameter
CVSS 6.3
CVE-2025-44836 MEDIUM
TOTOLINK CP900 V6.3c.1144_B20190715 - OS Command Injection via setApRebootScheCfg Hour/Minute Parameters
CVSS 6.3
CVE-2025-44854 MEDIUM
TOTOLINK CP900 V6.3c.1144_B20190715 - OS Command Injection via setUpgradeUboot FileName Parameter
CVSS 6.3
CVE-2025-44835 MEDIUM
D-Link DIR-816 A2 V1.1.0B05 - OS Command Injection via iptablesWebsFilterRun
CVSS 6.3
CVE-2025-4135 MEDIUM
Netgear WG302v2 Firmware < 5.2.9 - Remote Command Injection via ui_get_input_value Host Argument
CVSS 6.3
CVE-2025-4122 MEDIUM
Netgear JWNR2000v2 1.0.0.11 - Command Injection via host Argument in sub_435E04
CVSS 6.3
CVE-2025-4121 MEDIUM
Netgear JWNR2000v2 1.0.0.11 - OS Command Injection via cmd_wireless host Argument
CVSS 6.3
CVE-2025-45011 MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - Remote Code Execution via foreigner-search.php searchdata Parameter
CVSS 5.3
CVE-2025-45010 MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - RCE via normal-bwdates-reports-details.php
CVSS 5.3
CVE-2025-45009 MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - Remote Code Execution via Search Parameter HTML Injection
CVSS 5.3
CVE-2025-4076 MEDIUM
LB-LINK BL-AC3600 < 1.0.22 - Command Injection
CVSS 6.3
CVE-2025-4089 MEDIUM
Firefox < 138.0 - Command Injection via Copy as cURL Feature
CVSS 5.1
CVE-2025-4032 MEDIUM
inclusionai aworld - OS Command Injection in shell_tool.py
CVSS 5.0
Details
Vulnerabilities: 3,567
Exploit Likelihood: High