CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,567 vulnerabilities with CWE-77
CVE-2024-7715
MEDIUM
D-Link DNS-120-DNS-1550-04 - Command Injection
CVSS 6.3
CVE-2024-7700
MEDIUM
Foreman - Command Injection via Host Init Config Template Install Packages Field
CVSS 6.5
CVE-2024-7616
MEDIUM
Edimax IC-6220DC and IC-5150W < 3.06 - OS Command Injection via ipcam_cgi host Parameter
CVSS 5.5
CVE-2024-37023
CRITICAL
Vonets Industrial WiFi Bridge Firmware < 3.3.23.6.9 - Authenticated OS Command Injection via Endpoint Parameters
CVSS 9.1
CVE-2024-22122
LOW
Zabbix 5.0.0-5.0.41 - OS Command Injection via SMS Notification Number Field
CVSS 3.0
CVE-2024-21880
HIGH
Enphase IQ Gateway Firmware 4.0-7.3.120 - Authenticated OS Command Injection via URL Parameter
CVSS 7.2
CVE-2024-21879
HIGH
Enphase IQ Gateway Firmware 4.0-8.2.4225 - Authenticated OS Command Injection via URL Parameter
CVSS 8.8
CVE-2024-21878
CRITICAL
Enphase IQ Gateway Firmware 4.0-8.2.4225 - OS Command Injection in Internal Script
CVSS 9.8
CVE-2024-3659
HIGH
KAON AR2140 Firmware < 3.2.50 and < 4.2.16 - Authenticated OS Command Injection via Crafted Request
CVSS 7.2
CVE-2024-28739
HIGH
Koha < 23.05.00 - Remote Code Execution via Format Parameter
CVSS 7.2
CVE-2024-39226
CRITICAL
GL-iNet Multiple Firmware Versions - OS Command Injection via s2s API
CVSS 9.8
CVE-2024-7397
CRITICAL
Korenix JetPort 5601v3 - Command Injection
CVE-2024-7464
MEDIUM
TOTOLINK CP900 6.3c.566 - OS Command Injection via setTelnetCfg telnet_enabled Parameter
CVSS 6.3
CVE-2024-7443
MEDIUM
Vivotek IB8367A VVTK-0100b - Command Injection via upload_file.cgi QUERY_STRING Parameter
CVSS 6.3
CVE-2024-7442
MEDIUM
Vivotek SD9364 VVTK-0103f - Command Injection via upload_file.cgi QUERY_STRING Parameter
CVSS 6.3
CVE-2024-7440
MEDIUM
Vivotek CC8160 VVTK-0100d - Command Injection via upload_file.cgi QUERY_STRING Parameter
CVSS 6.3
CVE-2024-7436
MEDIUM
D-Link DI-8100 16.07 - Remote Command Injection via msp_info.htm cmd Parameter
CVSS 6.3
CVE-2024-42348
CRITICAL
Fogproject < 1.5.10.41.3 - Command Injection
CVSS 9.3
CVE-2024-7029
HIGH
AVTECH AVM1203 Firmware < fullimg-1023-1007-1011-1009 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2024-7215
MEDIUM
TOTOLINK LR1200 9.3.1cu.2832 - Command Injection via NTPSyncWithHost host_time Parameter
CVSS 6.3
CVE-2024-7214
MEDIUM
TOTOLINK LR350 9.3.5u.6369_B20220309 - OS Command Injection via hostName Parameter
CVSS 6.3
CVE-2024-41637
HIGH
RaspAP < 3.1.5 - Privilege Escalation via Sudo Misconfiguration
CVSS 8.3
CVE-2024-7181
MEDIUM
TOTOLINK A3600R 4.1.2cu.5182_B20201102 - Command Injection via telnet_enabled Argument
CVSS 6.3
CVE-2024-7177
HIGH
TOTOLINK A3600R 4.1.2cu.5182_B20201102 - Buffer Overflow via setLanguageCfg langType Parameter
CVSS 8.8
CVE-2024-7174
HIGH
TOTOLINK A3600R 4.1.2cu.5182_B20201102 - Buffer Overflow in setdeviceName Function via deviceMac/deviceName Argument
CVSS 8.8
Details
Vulnerabilities: 3,567
Exploit Likelihood: High