CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-48659 CRITICAL
dcnetworks DCME-320-L <=9.3.2.114 - Remote Code Execution via log_u_umount.php
CVSS 9.8
CVE-2024-10193 MEDIUM
WAVLINK WN530H4/WN530HG4/WN572HG3 <20221028 - Command Injection
CVSS 4.7
CVE-2024-9264 CRITICAL
Grafana 11.0.0-11.0.5 - Authenticated Command Injection via DuckDB SQL Expressions
CVSS 9.9
CVE-2024-6333 HIGH
Xerox AltaLink VersaLink and WorkCentre - Authenticated Remote Code Execution
CVSS 7.2
CVE-2024-35520 HIGH
Netgear R7000 1.0.11.136 - Command Injection via RMT_invite.cgi device_name2 Parameter
CVSS 8.4
CVE-2024-35519 HIGH
Netgear EX3700 < 1.0.0.96, EX6100 < 1.0.2.28, EX6120 < 1.0.0.68 - OS Command Injection via ap_mode Parameter
CVSS 8.4
CVE-2024-35518 HIGH
Netgear EX6120 < 1.0.0.68 - OS Command Injection via wan_dns1_pri Parameter
CVSS 8.4
CVE-2024-48153 CRITICAL
DrayTek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi get_subconfig
CVSS 9.8
CVE-2024-35522 HIGH
Netgear EX3700 Firmware < 1.0.0.98 - Authenticated Command Injection via ap_mode Parameter
CVSS 8.4
CVE-2024-35517 HIGH
Netgear XR1000 v1.0.0.64 - OS Command Injection via usb_remote_smb_conf.cgi share_name Parameter
CVSS 8.4
CVE-2024-44413 HIGH
DI_8200-16.07.26A1 - Command Injection
CVSS 8.8
CVE-2024-39563 HIGH
Juniper Junos Space 24.1R1 - Unauthenticated Remote Command Execution via GET Request
CVSS 7.3
CVE-2024-9793 MEDIUM
Tenda AC1206 <= 15.03.06.23 - OS Command Injection via ate_iwpriv_set/ate_ifconfig_set
CVSS 6.3
CVE-2024-38817 MEDIUM
VMware NSX and Cloud Foundation - Authenticated Command Injection via NSX Edge CLI
CVSS 6.7
CVE-2024-7840 HIGH
Progress Telerik Reporting < 18.2.24.924 - Command Injection via Hyperlink Element
CVSS 7.8
CVE-2024-39438 MEDIUM
Android - Local Privilege Escalation via Command Injection in linkturbonative Service
CVSS 6.5
CVE-2024-39437 MEDIUM
Android - Command Injection in linkturbonative Service
CVSS 6.5
CVE-2024-39436 MEDIUM
Android - Local Privilege Escalation via Command Injection in linkturbonative Service
CVSS 6.5
CVE-2024-43601 HIGH
Visual Studio Code < 1.94.1 - Remote Code Execution
CVSS 7.8
CVE-2024-43591 HIGH
Azure Command Line Interface < 2.65.0 - Command Injection
CVSS 8.7
CVE-2024-43497 HIGH
DeepSpeed < 0.15.1 - Remote Code Execution
CVSS 8.4
CVE-2024-9380 HIGH KEV
Ivanti Endpoint Manager Cloud Services Appliance < 5.0.2 - Authenticated Remote Code Execution via Admin Web Console
CVSS 7.2
CVE-2024-47562 HIGH
Siemens SINEC Security Monitor < V4.9.0 - Privilege Escalation
CVSS 8.8
CVE-2024-8983 MEDIUM
Custom Twitter Feeds < 2.2.3 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-20492 MEDIUM
Cisco Expressway Series - Command Injection
CVSS 6.0