CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-41783 CRITICAL
IBM Sterling Secure Proxy 6.0.0.0-6.0.0.3, 6.1.0.0, 6.2.0.0 - Authenticated Command Injection
CVSS 9.1
CVE-2024-54681 LOW
Multiple bash files - Info Disclosure
CVSS 3.5
CVE-2024-54660 HIGH
Cloudera JDBC Connector - Code Injection
CVSS 8.7
CVE-2024-57583 CRITICAL
Tenda AC18 V15.03.05.19 - OS Command Injection via usbName Parameter
CVSS 9.8
CVE-2024-39783 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via restart_week Parameter
CVSS 9.1
CVE-2024-39782 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via adm.cgi sch_reboot() restart_min Parameter
CVSS 9.1
CVE-2024-39781 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via adm.cgi sch_reboot() restart_hour Parameter
CVSS 9.1
CVE-2024-39765 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via custom_interface POST Parameter
CVSS 9.1
CVE-2024-39764 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via dest POST Parameter
CVSS 9.1
CVE-2024-39763 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via gateway POST Parameter
CVSS 9.1
CVE-2024-39762 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via netmask POST Parameter
CVSS 9.1
CVE-2024-39761 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Unauthenticated OS Command Injection via restart_week_value Parameter
CVSS 10.0
CVE-2024-39760 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - OS Command Injection via login.cgi restart_min_value
CVSS 10.0
CVE-2024-39759 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Unauthenticated OS Command Injection via login.cgi restart_hour_value Parameter
CVSS 10.0
CVE-2024-39367 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via firewall.cgi iptablesWebsFilterRun()
CVSS 9.1
CVE-2024-39360 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via nas.cgi remove_dir()
CVSS 9.1
CVE-2024-37186 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Authenticated OS Command Injection via adm.cgi set_ledonoff()
CVSS 9.1
CVE-2024-34166 CRITICAL
Wavlink AC3000 M33A8.V5030.210505 - Command Injection
CVSS 10.0
CVE-2024-57228 HIGH
Linksys E7350 1.1.00.032 - OS Command Injection via iface Parameter in vif_disable Function
CVSS 8.0
CVE-2024-57227 HIGH
Linksys E7350 1.1.00.032 - OS Command Injection via ifname Parameter in apcli_do_enr_pbc_wps
CVSS 8.0
CVE-2024-57226 HIGH
Linksys E7350 1.1.00.032 - OS Command Injection via iface Parameter in vif_enable Function
CVSS 8.0
CVE-2024-57225 CRITICAL
Linksys E7350 1.1.00.032 - OS Command Injection via devname Parameter
CVSS 9.8
CVE-2024-57224 CRITICAL
Linksys E7350 1.1.00.032 - OS Command Injection via apcli_do_enr_pin_wps ifname Parameter
CVSS 9.8
CVE-2024-57223 CRITICAL
Linksys E7350 1.1.00.032 - OS Command Injection via apcli_wps_gen_pincode ifname Parameter
CVSS 9.8
CVE-2024-57222 MEDIUM
Linksys E7350 1.1.00.032 - OS Command Injection via apcli_cancel_wps ifname Parameter
CVSS 6.3