CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,332 vulnerabilities with CWE-77
CVE-2026-6027 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setUrlFilterRules os command injection
CVSS 9.8
CVE-2026-6026 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setPortalConfWeChat os command injection
CVSS 9.8
CVE-2026-6025 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setSyslogCfg os command injection
CVSS 9.8
CVE-2026-5997 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setLoginPasswordCfg os command injection
CVSS 9.8
CVE-2026-5996 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
CVSS 9.8
CVE-2026-5995 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
CVSS 9.8
CVE-2026-5994 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setTelnetCfg os command injection
CVSS 9.8
CVE-2026-5993 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiGuestCfg os command injection
CVSS 9.8
CVE-2026-5978 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiAclRules os command injection
CVSS 9.8
CVE-2026-5977 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
CVSS 9.8
CVE-2026-5976 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setStorageCfg os command injection
CVSS 9.8
CVE-2026-5975 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setDmzCfg os command injection
CVSS 9.8
CVE-2026-5974 HIGH
FoundationAgents MetaGPT terminal.py Bash.run os command injection
CVSS 7.3
CVE-2026-5973 HIGH
FoundationAgents MetaGPT common.py get_mime_type os command injection
CVSS 7.3
CVE-2026-5972 HIGH
FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection
CVSS 7.3
CVE-2026-31170 CRITICAL
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
CVSS 9.8
CVE-2026-5854 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
CVSS 9.8
CVE-2026-5853 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIpv6LanCfg os command injection
CVSS 9.8
CVE-2026-5852 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection
CVSS 9.8
CVE-2026-5851 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setUPnPCfg os command injection
CVSS 9.8
CVE-2026-5850 CRITICAL
Totolink A7100RU CGI cstecgi.cgi setVpnPassCfg os command injection
CVSS 9.8
CVE-2026-5844 HIGH
D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection
CVSS 7.2
CVE-2026-5833 MEDIUM
awwaiid mcp-server-taskwarrior index.ts server.setRequestHandler command injection
CVSS 5.3
CVE-2026-5831 MEDIUM
Agions taskflow-ai terminal_execute handlers.ts os command injection
CVSS 6.3
CVE-2026-5802 HIGH
idachev mcp-javadc HTTP os command injection
CVSS 7.3
Details
Vulnerabilities 3,332
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits