CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-31485 HIGH
CPCI85 Central Processing/Communication <5.30 - Command Injection
CVSS 7.2
CVE-2024-28136 HIGH
CHARX SEC-3000/3050/3100/3150 Firmware < 1.5.1 - Authenticated Command Injection via OCPP Remote Service
CVSS 7.8
CVE-2024-28135 MEDIUM
CHARX SEC-3000/3050/3100/3150 Firmware < 1.5.1 - Authenticated Remote Code Execution via API Command Injection
CVSS 5.0
CVE-2024-4712 HIGH
PaperCut NG/MF < 23.0.9 - Arbitrary File Creation via Web Print Image Handler
CVSS 7.8
CVE-2024-34352 MEDIUM
1Panel <1.10.3-lts - Command Injection
CVSS 6.5
CVE-2024-34338 HIGH
Tenda O3V2 <1.0.0.10-1.0.0.12 - Command Injection
CVSS 7.2
CVE-2024-34218 LOW
TOTOLINK outdoor CPE CP450 <4.1.0cu.747_B20191224 - Command Injection
CVSS 3.8
CVE-2024-34206 MEDIUM
TOTOLINK outdoor CPE CP450 <4.1.0cu.747_B20191224 - Command Injection
CVSS 6.5
CVE-2024-34204 CRITICAL
TOTOLINK outdoor CPE CP450 <4.1.0cu.747_B20191224 - Command Injection
CVSS 9.8
CVE-2024-29895 CRITICAL
Cacti 1.3.x DEV - Command Injection
CVSS 10.0
CVE-2024-27818 HIGH
iPadOS < 16.7.8 - Remote Code Execution
CVSS 7.8
CVE-2024-34347 HIGH
@hoppscotch/cli <0.8.0 - Code Injection
CVSS 8.3
CVE-2024-33113 MEDIUM
D-LINK DIR-845L <=1.01KRb03 - Information Disclosure via bsc_sms_inbox.php
CVSS 5.3
CVE-2024-33112 HIGH
D-Link DIR-845L Firmware < 1.01krb03 - OS Command Injection via hnap_main() Function
CVSS 7.5
CVE-2024-33788 HIGH
Linksys E5600 v1.1.0.26 - OS Command Injection via PinCode Parameter
CVSS 8.0
CVE-2024-33789 CRITICAL
Linksys E5600 v1.1.0.26 - OS Command Injection via ipurl Parameter
CVSS 9.8
CVE-2024-22546 MEDIUM
TRENDnet TEW-815DAP 1.0.2.0 - Command Injection
CVSS 6.4
CVE-2024-33344 CRITICAL
D-Link DIR-822+ V1.0.5 - Remote Command Injection via ftext Function in upload_firmware.cgi
CVSS 9.8
CVE-2024-33342 HIGH
D-Link DIR-822+ V1.0.5 - OS Command Injection via SetPlcNetworkpwd Function
CVSS 7.5
CVE-2024-32884 MEDIUM
gix-transport < 0.42.0 - Command Injection via SSH URL Username Smuggling
CVSS 6.4
CVE-2024-32766 CRITICAL
QNAP QTS < 4.5.4.2627 and QuTS hero < h4.5.4.2626 and QuTScloud < c5.1.5.2651 - OS Command Injection
CVSS 10.0
CVE-2024-28328 MEDIUM
Asus RT-N12+ - CSV Injection via Client Name Parameter
CVSS 5.4
CVE-2024-0740 CRITICAL
Eclipse Target Management <= 4.5.400 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2024-3154 HIGH
cri-o 1.29.0-1.29.3 - Unauthenticated Arbitrary Systemd Property Injection via Pod Annotation
CVSS 7.2
CVE-2024-22061 CRITICAL
Ivanti Avalanche <6.4.3 - Buffer Overflow
CVSS 9.8