CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-11651 MEDIUM
EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT - OS Command Injection via wifi_schedule_day_em_5 Parameter
CVSS 4.7
CVE-2024-11665 HIGH
hardy-barth cph2_echarge_firmware <2.0.4 - Command Injection
CVSS 8.8
CVE-2024-53899 HIGH
virtualenv <20.26.6 - Command Injection
CVSS 7.8
CVE-2024-37782 CRITICAL
Gladinet CentreStack <13.12.9934.54690 - LDAP Injection
CVSS 9.8
CVE-2024-48861 HIGH
QNAP QuRouter < 2.4.4.106 - OS Command Injection
CVSS 7.8
CVE-2024-48860 CRITICAL
QuRouter < 2.4.3.103 - OS Command Injection
CVSS 9.8
CVE-2024-38644 HIGH
Notes Station 3 <3.9.7 - Command Injection
CVSS 8.8
CVE-2024-53333 MEDIUM
TOTOLINK EX200 v4.0.3c.7646_B20201211 - OS Command Injection via ussd Parameter
CVSS 6.3
CVE-2024-48288 HIGH
TP-Link TL-IPC42C V4.0_20211227_1.0.16 - OS Command Injection
CVSS 8.0
CVE-2024-48286 HIGH
Linksys E3000 1.0.06.002_US - OS Command Injection via diag_ping_start Function
CVSS 8.0
CVE-2024-48747 MEDIUM
alist-tvbox 1.7.1 - Remote Code Execution via /atv-cli File
CVSS 6.8
CVE-2024-11320 CRITICAL
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
CVSS 9.8
CVE-2024-51151 CRITICAL
D-Link DI-8200 16.07.26A1 - Remote Code Execution via msp_info_htm flag and cmd Parameters
CVSS 9.8
CVE-2024-33439 CRITICAL
Kasda LinkSmart Router KW5515 <1.7 - RCE
CVSS 9.1
CVE-2024-52739 HIGH
D-LINK DI-8400 v16.07.26A1 - Remote Code Execution via msp_info_htm flag and cmd Parameters
CVSS 8.0
CVE-2024-29292 CRITICAL
Kasda LinkSmart Router KW6512 <= v1.3 - Command Injection
CVSS 9.1
CVE-2024-51503 HIGH
Trend Micro Deep Security 20 Agent - Privilege Escalation and Remote Code Execution via Manual Scan Command Injection
CVSS 8.0
CVE-2024-45505 HIGH
Apache HertzBeat <1.6.1 - Command Injection
CVSS 8.8
CVE-2024-10443 CRITICAL
Synology Photos < 1.6.2-0720 and BeePhotos < 1.1.0-10053 - OS Command Injection in Task Manager
CVSS 9.8
CVE-2024-52308 HIGH
GitHub CLI < 2.62.0 - Remote Code Execution via Malicious Codespace SSH Server
CVSS 8.0
CVE-2024-51027 MEDIUM
Ruijie NBR800G NBR_RGOS_11.1(6)B4P9 - OS Command Injection via Province Parameter
CVSS 6.5
CVE-2024-50853 HIGH
Tendacn G3 Firmware - Command Injection
CVSS 8.8
CVE-2024-50852 HIGH
Tendacn G3 Firmware - Command Injection
CVSS 8.8
CVE-2024-28729 CRITICAL
DLink DWR-2000M Firmware 1.34ME - OS Command Injection
CVSS 9.8
CVE-2024-28726 HIGH
DLink DWR-2000M 5G CPE - OS Command Injection via Diagnostics Function
CVSS 8.0