CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-55956 CRITICAL KEV
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2024-53290 HIGH
Dell ThinOS 2408 - Unauthenticated Command Injection
CVSS 8.4
CVE-2024-11772 CRITICAL
Ivanti CSA <5.0.3 - Command Injection
CVSS 9.1
CVE-2024-11634 CRITICAL
Ivanti Connect/Ivanti Policy <22.7R2.3/<22.7R1.2 - Command Injection
CVSS 9.1
CVE-2024-55547 CRITICAL
ORing IAP-420 Firmware < 2.01e - OS Command Injection via SNMP Objects
CVSS 9.8
CVE-2024-55544 HIGH
ORing IAP-420 Firmware < 2.01e - Authenticated OS Command Injection
CVSS 8.8
CVE-2024-53919 HIGH
Barco ClickShare - Command Injection
CVSS 7.6
CVE-2024-12358 MEDIUM
datax-web 2.1.1 - OS Command Injection via /api/job/add/ glueSource Parameter
CVSS 6.3
CVE-2024-12350 MEDIUM
JFinalCMS 1.0 - Remote Code Execution via Template Handler Content Argument
CVSS 6.3
CVE-2024-50388 CRITICAL
HBS 3 Hybrid Backup Sync < 25.1.1.673 - OS Command Injection
CVSS 9.8
CVE-2024-53672 MEDIUM
ClearPass Policy Manager 6.11.0-6.11.9 - Authenticated Remote Command Execution
CVSS 4.7
CVE-2024-51772 MEDIUM
ClearPass Policy Manager - Authenticated RCE
CVSS 6.4
CVE-2024-51771 HIGH
HPE Aruba Networking ClearPass Policy Manager - RCE
CVSS 7.2
CVE-2024-51114 HIGH
Beijing Digital China Yunke Information Technology Co.Ltd - Remote Code Execution
CVSS 8.8
CVE-2024-29404 HIGH
Razer Synapse 3 <v.3.9.131.20813 - RCE
CVSS 7.8
CVE-2024-11013 HIGH
NEC Corporation UNIVERGE IX - Command Injection
CVSS 7.2
CVE-2024-38831 HIGH
VMware Aria Operations 8.0-8.18.1 - Authenticated Local Privilege Escalation via Properties File Injection
CVSS 7.8
CVE-2024-11659 MEDIUM
EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT - OS Command Injection via iperf Argument
CVSS 4.7
CVE-2024-11658 MEDIUM
EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT <= 20241118 - OS Command Injection via countryCode Parameter
CVSS 4.7
CVE-2024-11657 MEDIUM
EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT - OS Command Injection via diag_nslookup Parameter
CVSS 4.7
CVE-2024-11656 MEDIUM
EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT - OS Command Injection via diag_ping6 Argument
CVSS 4.7
CVE-2024-11655 MEDIUM
EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT up to 20241118 - OS Command Injection via diag_ping Parameter
CVSS 4.7
CVE-2024-11654 MEDIUM
EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT - OS Command Injection via diag_traceroute6 Argument
CVSS 4.7
CVE-2024-11653 MEDIUM
EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT - OS Command Injection via diag_traceroute Parameter
CVSS 4.7
CVE-2024-11652 MEDIUM
EnGenius ENH1350EXT, ENS500-AC, ENS620EXT - OS Command Injection via sn_https Parameter
CVSS 4.7