CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-48705 MEDIUM
Wavlink AC1200 M32A3_V1410_230602 and M32A3_V1410_240222 - Authenticated Command Injection via newpass Field in adm.cgi
CVSS 6.5
CVE-2024-53945 HIGH
KuWFi 4G AC900 LTE router 1.0.13 - Command Injection
CVSS 8.8
CVE-2024-57338 MEDIUM
M2Soft CROWNIX Report & ERS <5.5.14.1070, <7.4.3.960, <8.2.0.345 - RCE
CVSS 6.5
CVE-2024-57337 MEDIUM
M2Soft CROWNIX Report & ERS <5.5.14.1070, <7.4.3.960, <8.2.0.345 - RCE
CVSS 6.5
CVE-2024-55063 HIGH
EasyVirt DC NetScope <= 8.7.0 - Authenticated Remote Code Execution via International Settings Parameters
CVSS 8.8
CVE-2024-55466 MEDIUM
ThingsBoard < 3.8.1 - Arbitrary File Upload and Remote Code Execution via Image Gallery
CVSS 6.5
CVE-2024-12442 CRITICAL
EnerSys AMPA <24.16 - Command Injection
CVSS 9.8
CVE-2024-11861 CRITICAL
EnerSys AMPA <22.09 - Command Injection
CVSS 9.8
CVE-2024-57235 CRITICAL
NETGEAR RAX50 Firmware V1.0.2.26 - OS Command Injection via iface Parameter in vif_enable Function
CVSS 9.8
CVE-2024-57234 CRITICAL
NETGEAR RAX5 Firmware V1.0.2.26 - OS Command Injection via apcli_cancel_wps ifname Parameter
CVSS 9.8
CVE-2024-57233 CRITICAL
NETGEAR RAX5 Firmware 1.0.2.26 - OS Command Injection via iface Parameter in vif_disable Function
CVSS 9.8
CVE-2024-57232 CRITICAL
NETGEAR RAX5 Firmware V1.0.2.26 - OS Command Injection via apcli_wps_gen_pincode ifname Parameter
CVSS 9.8
CVE-2024-57231 CRITICAL
NETGEAR RAX5 Firmware V1.0.2.26 - OS Command Injection via apcli_do_enr_pbc_wps ifname Parameter
CVSS 9.8
CVE-2024-57230 CRITICAL
NETGEAR RAX5 Firmware 1.0.2.26 - OS Command Injection via apcli_do_enr_pin_wps ifname Parameter
CVSS 9.8
CVE-2024-57229 CRITICAL
NETGEAR RAX5 Firmware V1.0.2.26 - OS Command Injection via reset_wifi devname Parameter
CVSS 9.8
CVE-2024-40445 HIGH
Forkosh Mime TeX <1.77 - Path Traversal
CVSS 7.3
CVE-2024-46089 MEDIUM
74cms <= 3.33.0 - Remote Code Execution via Background API Interface
CVSS 6.3
CVE-2024-53305 HIGH
benbusby/whoogle_search < 0.9.1 - Remote Code Execution via Crafted Search Query
CVSS 7.3
CVE-2024-40070 MEDIUM
Sourcecodester Online ID Generator System 1.0 - RCE
CVSS 5.1
CVE-2024-36842 HIGH
Oncord+ Android Infotainment Systems OS <Android 12 - RCE
CVSS 7.3
CVE-2024-54802 CRITICAL
Netgear WNR854T 1.5.2 - Stack-Based Buffer Overflow via UPNP M-SEARCH Host Header
CVSS 9.8
CVE-2024-9773 LOW
GitLab 14.9.0-17.8.5, 17.9.0-17.8.2, 17.10.0 - Command Injection via Harbor Registry CLI Integration
CVSS 3.7
CVE-2024-55030 CRITICAL
NASA Fprime v3.4.3 - Command Injection via Command Dispatcher Service
CVSS 9.8
CVE-2024-8156 CRITICAL
significant-gravitas/autogpt - Command Injection
CVSS 9.8
CVE-2024-48017 MEDIUM
Dell SmartFabric OS10 10.5.4.0-10.5.4.13, 10.5.5.x, 10.5.6.x, 10.6.0.x - Authenticated Remote Code Execution
CVSS 6.5