CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-8212 MEDIUM
D-Link DNS and DNR Series Firmware - OS Command Injection via cgi_FMT_R12R5_2nd_DiskMGR f_source_dev Parameter
CVSS 6.3
CVE-2024-8211 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via cgi_FMT_Std2R1_DiskMGR f_newly_dev Parameter
CVSS 6.3
CVE-2024-8210 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via hd_config.cgi f_mount Parameter
CVSS 6.3
CVE-2024-8073 CRITICAL
Hillstone Networks Web App FW <5.5R6-2.8.13 - Command Injection
CVSS 9.8
CVE-2024-8134 MEDIUM
D-Link DNS/NR Firmware - OS Command Injection via cgi_FMT_Std2R5_1st_DiskMGR f_source_dev Parameter
CVSS 6.3
CVE-2024-8133 MEDIUM
D-Link DNS and DNR Firmware - OS Command Injection via cgi_FMT_R5_SpareDsk_DiskMGR f_source_dev Parameter
CVSS 6.3
CVE-2024-8132 MEDIUM
D-Link DNS/NR Firmware - OS Command Injection via webdav_mgr.cgi f_path Parameter
CVSS 6.3
CVE-2024-8131 MEDIUM
D-Link DNS-120-DNS-1550-04 - Command Injection
CVSS 6.3
CVE-2024-8130 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via cgi_s3 HTTP POST Parameter
CVSS 6.3
CVE-2024-8129 MEDIUM
D-Link DNS/NR Firmware - OS Command Injection via cgi_s3_modify f_job_name Parameter
CVSS 6.3
CVE-2024-8128 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via cgi_add_zip Path Parameter
CVSS 6.3
CVE-2024-8127 MEDIUM
D-Link DNS/NAS Firmware - OS Command Injection via cgi_unzip Path Parameter
CVSS 6.3
CVE-2024-44382 CRITICAL
D-Link DI_8004W 16.07.26A1 - OS Command Injection via jhttpd upgrade_filter_asp
CVSS 9.8
CVE-2024-44381 CRITICAL
D-Link DI_8004W 16.07.26A1 - OS Command Injection in jhttpd msp_info_htm Function
CVSS 9.8
CVE-2024-42636 HIGH
DedeCMS V5.7.115 - Command Injection
CVSS 7.2
CVE-2024-7110 MEDIUM
GitLab 17.0-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Command Injection via Prompt Injection
CVSS 6.4
CVE-2024-43027 HIGH
DrayTek Vigor 3900, 2960, and 300B < 1.5.1.5 - OS Command Injection via Mainfunction CGI Action Parameter
CVSS 8.0
CVE-2024-7922 MEDIUM
D-Link DNS and DNR Series Firmware - OS Command Injection via myMusic.cgi Functions
CVSS 6.3
CVE-2024-7907 MEDIUM
TOTOLINK X6000R 9.4.0cu.852_20230719 - OS Command Injection via rtLogServer Parameter
CVSS 6.3
CVE-2024-7897 MEDIUM
Tosei Online Store Management System 4.02/4.03/4.04 - OS Command Injection via kikaibangou Parameter
CVSS 6.3
CVE-2024-7896 MEDIUM
Tosei Online Store Management System 4.02-4.04 - Command Injection via adr_txt Parameter
CVSS 6.3
CVE-2024-42947 CRITICAL
Tenda FH1201 <1.2.0.14 - Command Injection
CVSS 9.8
CVE-2024-7833 MEDIUM
D-Link DI-8100 16.07 - Remote Command Injection via upgrade_filter.asp Path Parameter
CVSS 6.3
CVE-2024-42360 CRITICAL
SequenceServer < 3.1.2 - OS Command Injection via HTTP Endpoint Parameters
CVSS 9.8
CVE-2024-5914 CRITICAL
Cortex XSOAR CommonScripts < 1.12.33 - Unauthenticated Command Injection
CVSS 9.8
Details
Vulnerabilities 3,567
Exploit Likelihood High