CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-44574 HIGH
RELY-PCIe <23.1.0 - Command Injection
CVSS 8.8
CVE-2024-44572 HIGH
RELY-PCIe <23.1.0 - Command Injection
CVSS 8.8
CVE-2024-44570 HIGH
rely-pcie_firmware 22.2.1-23.1.0 - Command Injection via getParams Function
CVSS 8.8
CVE-2024-44466 CRITICAL
COMFAST CF-XR11 V2.7.2 - OS Command Injection via iface Parameter in webmgnt
CVSS 9.8
CVE-2024-38228 HIGH
Microsoft SharePoint Server - Remote Code Execution
CVSS 7.2
CVE-2024-38227 HIGH
Microsoft SharePoint Server - Remote Code Execution
CVSS 7.2
CVE-2024-33508 HIGH
FortiClientEMS 7.0.0-7.0.12 - Unauthenticated Command Injection via Crafted Requests
CVSS 7.3
CVE-2024-42427 HIGH
Dell ThinOS <2405 - Command Injection
CVSS 7.6
CVE-2024-44410 CRITICAL
D-Link DI-8300 v16.07.26A1 - OS Command Injection via upgrade_filter_asp Function
CVSS 9.8
CVE-2024-44335 HIGH
D-Link DI Routers version_upgrade.asp - Remote Command Execution
CVSS 8.8
CVE-2024-44334 HIGH
D-Link DI Routers upgrade_filter.asp - Remote Command Execution
CVSS 8.8
CVE-2024-36138 HIGH
Node.js < 18.20.4, 20.0-20.15.1, 22.0-22.4.1 - Command Injection via child_process.spawn
CVSS 8.1
CVE-2024-44845 HIGH
DrayTek Vigor3900 <1.5.1.6 - Command Injection
CVSS 8.8
CVE-2024-44844 HIGH
DrayTek Vigor3900 <1.5.1.6 - Command Injection
CVSS 8.8
CVE-2024-38641 HIGH
QNAP QTS and QuTS hero < 5.1.8.2823 - OS Command Injection
CVSS 7.8
CVE-2024-21903 MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 6.6
CVE-2024-44402 CRITICAL
D-Link DI-8100G 17.12.20A1 - OS Command Injection via msp_info.htm
CVSS 9.8
CVE-2024-44401 CRITICAL
D-Link DI-8100G 17.12.20A1 - OS Command Injection via upgrade_filter.asp sub47A60C Function
CVSS 9.8
CVE-2024-38486 HIGH
Dell SmartFabric OS10 <10.5.5.4-10.5.6.x - Command Injection
CVSS 7.5
CVE-2024-44400 CRITICAL
D-Link DI-8400 Firmware 16.07.26A1 - OS Command Injection via upgrade_filter.asp Path Parameter
CVSS 9.8
CVE-2024-44383 MEDIUM
WAYOS FBM-291W v19.09.11 - OS Command Injection via msp_info_htm
CVSS 6.8
CVE-2024-44916 HIGH
Seacms v13.1 - OS Command Injection via admin_ip.php IP Parameter
CVSS 7.2
CVE-2024-42905 CRITICAL
DCME-320 <7.4.12.60 - Command Injection
CVSS 9.8
CVE-2024-8214 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via cgi_FMT_Std2R5_2nd_DiskMGR f_source_dev Parameter
CVSS 6.3
CVE-2024-8213 MEDIUM
D-Link DNS and DNR Series Firmware - OS Command Injection via cgi_FMT_R12R5_1st_DiskMGR f_source_dev Parameter
CVSS 6.3