CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2025-26056 MEDIUM
Infinxt iEdge 100 2.1.32 - Command Injection
CVSS 5.4
CVE-2025-3008 MEDIUM
Novastar CX40 <2.44.0 - Command Injection
CVSS 5.5
CVE-2025-3002 HIGH
Digital China DCME-520 <20250320 - Code Injection
CVSS 7.3
CVE-2025-22941 CRITICAL
Adtran 411 Firmware L80.00.0011.M2 - Command Injection
CVSS 9.8
CVE-2025-22939 CRITICAL
Adtran 411 Firmware L80.00.0011.M2 - Command Injection via Telnet Service
CVSS 9.8
CVE-2025-2983 MEDIUM
Legrand SMS PowerView 1.x - Command Injection
CVSS 5.5
CVE-2025-2916 MEDIUM
Aishida Call Center System <20250314 - Command Injection
CVSS 6.3
CVE-2025-29635 HIGH KEV
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
CVSS 7.2
CVE-2025-2733 MEDIUM
mannaandpoem OpenManus <2025.3.13 - Code Injection
CVSS 6.3
CVE-2025-2732 HIGH
H3C Magic NX15/NX30 Pro/NX400/R3010/BE18000 < V100R014 - OS Command Injection
CVSS 8.0
CVE-2025-2731 HIGH
H3C Magic NX15, NX30 Pro, NX400, R3010, BE18000 < V100R014 - Command Injection via /api/wizard/getDualbandSync
CVSS 8.0
CVE-2025-2730 HIGH
H3C Magic NX15/NX30 Pro/NX400/R3010/BE18000 < V100R014 - Command Injection via /api/wizard/getssidname
CVSS 8.0
CVE-2025-2729 HIGH
H3C Magic NX15/NX30 Pro/NX400/R3010/BE18000 < V100R014 - OS Command Injection via /api/wizard/networkSetup
CVSS 8.0
CVE-2025-2728 HIGH
H3C Magic NX30 Pro & Magic NX400 <V100R014 - Command Injection
CVSS 8.0
CVE-2025-2727 HIGH
H3C Magic NX30 Pro <V100R007 - Command Injection
CVSS 8.0
CVE-2025-2726 HIGH
H3C Magic NX15/NX30 Pro/NX400/R3010/BE18000 < V100R014 - OS Command Injection via /api/esps
CVSS 8.0
CVE-2025-2725 HIGH
H3C Magic NX15/NX30 Pro/NX400/R3010/BE18000 < V100R014 - OS Command Injection
CVSS 8.0
CVE-2025-2717 MEDIUM
D-Link DIR-823X 240126/240802 - OS Command Injection via diag_nslookup target_addr Parameter
CVSS 4.7
CVE-2025-2701 MEDIUM
Amttgroup Hibos - Command Injection
CVSS 6.3
CVE-2025-29230 HIGH
Linksys E5600 v1.1.0.26 - OS Command Injection via emailReg Function Email Parameter
CVSS 8.6
CVE-2025-29227 MEDIUM
Linksys E5600 V1.1.0.26 - OS Command Injection via pingTest pkgsize Parameter
CVSS 6.3
CVE-2025-29226 MEDIUM
Linksys E5600 V1.1.0.26 - OS Command Injection via pingTest Count Parameter
CVSS 6.3
CVE-2025-29223 MEDIUM
Linksys E5600 v1.1.0.26 - OS Command Injection via traceRoute pt Parameter
CVSS 6.3
CVE-2025-25274 MEDIUM
Mattermost <10.4.2-<10.3.3-<9.11.8 - Command Injection
CVSS 4.3
CVE-2025-22473 HIGH
Dell SmartFabric OS10 10.5.4.0-10.5.4.13, 10.5.5.x, 10.5.6.x, 10.6.0.x - Authenticated Command Injection
CVSS 7.8
Details
Vulnerabilities 3,567
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits