CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2025-3987 MEDIUM
TOTOLINK N150RT 3.4.0-B20190525 - Command Injection
CVSS 6.3
CVE-2025-3983 MEDIUM
AMTT Hotel Broadband Operation System 1.0 - Command Injection
CVSS 4.7
CVE-2025-43858 CRITICAL
YoutubeDLSharp 1.0.0-beta4-1.1.1 - Command Injection via Windows Encoding Workaround
CVSS 9.2
CVE-2025-28017 MEDIUM
TOTOLINK A800R V4.1.2cu.5032_B20200408 - OS Command Injection via QUERY_STRING Parameter
CVSS 6.5
CVE-2025-29743 MEDIUM
D-Link DIR-816 A2V1.1.0B05 - OS Command Injection via delRouting Endpoint
CVSS 6.5
CVE-2025-43948 HIGH
Codemers KLIMS 1.6.DEV - Code Injection
CVSS 7.3
CVE-2025-3816 MEDIUM
westboy CicadasCMS 2.0 - OS Command Injection in Scheduled Task Handler
CVSS 4.7
CVE-2025-29209 CRITICAL
TOTOLINK X18 v9.1.0cu.2024_B20220329 - Unauthenticated OS Command Injection via enable Parameter
CVSS 9.8
CVE-2025-43012 HIGH
JetBrains Toolbox App <2.6 - Command Injection
CVSS 8.3
CVE-2025-3729 HIGH
Web-based Pharmacy Product Management System 1.0 - OS Command Injection via Database Backup Handler
CVSS 7.3
CVE-2025-28145 MEDIUM
Edimax BR-6478AC V3 Firmware 1.0.15 - OS Command Injection via Disk Format Partition Parameter
CVSS 6.5
CVE-2025-28143 MEDIUM
Edimax BR-6478AC V3 Firmware 1.0.15 - OS Command Injection via Groupname Parameter
CVSS 6.5
CVE-2025-28142 MEDIUM
Edimax BR-6478AC V3 Firmware 1.0.15 - OS Command Injection via formDiskCreateShare foldername Parameter
CVSS 6.5
CVE-2025-3546 HIGH
H3C Magic NX15, NX30 Pro, NX400, R3010, BE18000 < V100R014 - Command Injection via FCGI_CheckStringIfContainsSemicolon
CVSS 8.0
CVE-2025-3545 HIGH
H3C Magic NX15, NX30 Pro, NX400, R3010, BE18000 < V100R014 - Command Injection via FCGI_CheckStringIfContainsSemicolon
CVSS 8.0
CVE-2025-3544 HIGH
H3C Magic NX15/NX30 Pro/NX400/R3010/BE18000 < V100R014 - Command Injection
CVSS 8.0
CVE-2025-3543 HIGH
H3C Magic NX15-400 & R3010 <V100R014 - Command Injection
CVSS 8.0
CVE-2025-3542 HIGH
H3C Magic NX15, Magic NX400, Magic R3010 V100R014 < V100R014 - Command Injection
CVSS 8.0
CVE-2025-3541 HIGH
H3C Magic NX15-400 - Command Injection
CVSS 8.0
CVE-2025-3540 HIGH
H3C Magic NX15-400 & R3010 - Command Injection
CVSS 8.0
CVE-2025-3539 HIGH
H3C Magic NX15, NX30 Pro, NX400, R3010, BE18000 < V100R014 - Command Injection via FCGI_CheckStringIfContainsSemicolon
CVSS 8.0
CVE-2025-27083 HIGH
AOS-10 GW/AOS-8 - Command Injection
CVSS 7.2
CVE-2025-3249 MEDIUM
TOTOLINK A6000R 1.0.1-B20201211.2000 - Command Injection
CVSS 6.3
CVE-2025-29063 CRITICAL
BL-AC2100 Firmware < 1.0.4 - Remote Code Execution via enable Parameter in set_hidessid_cfg
CVSS 9.8
CVE-2025-29062 CRITICAL
BL-AC2100 <=1.0.4 - Remote Code Execution via time1 and time2 Parameters
CVSS 9.8