CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,567 vulnerabilities with CWE-77
CVE-2024-57214
MEDIUM
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via devname Parameter in reset_wifi Function
CVSS 6.3
CVE-2024-57213
MEDIUM
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via newpasswd Parameter
CVSS 6.3
CVE-2024-57212
MEDIUM
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via opmode Parameter
CVSS 5.1
CVE-2024-57211
HIGH
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via modifyOne Parameter
CVSS 8.0
CVE-2024-27980
HIGH
Node.js < 18.20.2, 19.x, < 20.12.2, < 21.7.3 - Command Injection via child_process.spawn
CVSS 8.1
CVE-2024-53526
MEDIUM
composio >=0.5.40 - Command Injection via handle_tool_calls Function
CVSS 6.4
CVE-2024-51442
HIGH
Minidlna <v1.3.3 - Command Injection
CVSS 8.8
CVE-2024-55414
CRITICAL
Motorola SM56 Modem WDM Driver v6.12.23.0 - Privilege Escalation
CVSS 9.8
CVE-2024-54007
HIGH
501 Wireless Client Bridge - Command Injection
CVSS 7.2
CVE-2024-54006
HIGH
501 Wireless Client Bridge - Command Injection
CVSS 7.2
CVE-2024-13129
HIGH
Roxy-WI <= 8.1.3 - OS Command Injection via action_service Parameter
CVSS 8.8
CVE-2024-13062
HIGH
ASUS Router 3.0.0.4_382-3.0.0.4_386-3.0.0.4_388-3.0.0.6_102 - OS Command Injection
CVSS 7.2
CVE-2024-12912
HIGH
ASUS Router 3.0.0.4_382-3.0.0.6_102 - OS Command Injection in AiCloud
CVSS 7.2
CVE-2024-12987
HIGH
KEV
DrayTek Vigor2960 and Vigor300B 1.5.1.4 - OS Command Injection via apmcfgupload Session Parameter
CVSS 7.3
CVE-2024-12986
HIGH
DrayTek Vigor2960 and Vigor300B 1.5.1.3-1.5.1.4 - OS Command Injection via apmcfgupptim Session Parameter
CVSS 7.3
CVE-2024-12985
MEDIUM
Overtek OT-E801G OTE801G65.1.1.0 - Command Injection
CVSS 6.3
CVE-2024-12111
HIGH
OpenText Privileged Access Manager <24.3(4.5) - Auth Bypass
CVSS 8.0
CVE-2024-55461
CRITICAL
SeaCMS <= 13.0 - Command Injection via Ebak_RepPathFiletext()
CVSS 9.8
CVE-2024-39703
HIGH
ThreatQuotient ThreatQ <5.29.3 - Command Injection
CVSS 8.8
CVE-2024-49194
HIGH
Databricks JDBC Driver 2.x < 2.6.40 - Remote Code Execution via JNDI Injection in krbJAASFile Parameter
CVSS 7.3
CVE-2024-12356
CRITICAL
KEV
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
CVSS 9.8
CVE-2024-56087
MEDIUM
Logpoint SIEM < 7.5.0 - Authenticated Server-Side Template Injection via Search Template Dashboard Queries
CVSS 5.9
CVE-2024-56086
HIGH
Logpoint SIEM < 7.5.0 - Authenticated Remote Code Execution via Report Template Injection
CVSS 7.1
CVE-2024-56085
MEDIUM
Logpoint SIEM < 7.5.0 - Authenticated Server-Side Template Injection via Search Template Dashboard
CVSS 5.9
CVE-2024-56084
HIGH
Logpoint Universal Normalizer < 5.7.0 - Authenticated Remote Code Execution via Universal Normalizer Creation
CVSS 7.1
Details
Vulnerabilities: 3,567
Exploit Likelihood: High