CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-29949 HIGH
Hikvision DS-7604NI-K1 / 4P(B) < V4.30.096build221220 - Authenticated Command Injection
CVSS 7.2
CVE-2024-29435 MEDIUM
Alldata v0.4.6 - OS Command Injection via processId Parameter
CVSS 4.1
CVE-2024-30637 HIGH
Tenda F1202 v1.2.0.20(408) - OS Command Injection via formWriteFacMac mac Parameter
CVSS 8.8
CVE-2024-2947 HIGH
Cockpit <270 - Command Injection
CVSS 7.3
CVE-2024-25955 HIGH
Dell vApp Manager < 9.2.4.9 - Authenticated OS Command Injection
CVSS 7.2
CVE-2024-25946 HIGH
Dell vApp Manager < 9.2.4.9 - Authenticated OS Command Injection
CVSS 7.2
CVE-2024-3009 MEDIUM
Tenda FH1205 2.0.0.7(775) - OS Command Injection via formWriteFacMac mac Parameter
CVSS 6.3
CVE-2024-2991 MEDIUM
Tenda FH1203 2.0.1.6 - Command Injection
CVSS 6.3
CVE-2024-29946 HIGH
Splunk Enterprise <9.2.1, 9.1.4, 9.0.9 - Info Disclosure
CVSS 8.1
CVE-2024-2982 MEDIUM
Tenda FH1202 1.2.0.14(408 - Command Injection
CVSS 5.5
CVE-2024-1540 HIGH
gradio < 4.18.0 - Command Injection via GitHub Context Expression Handling
CVSS 8.2
CVE-2024-28545 CRITICAL
Tenda AC18 V15.03.05.05 - OS Command Injection via setUsbUnload deviceName Parameter
CVSS 9.8
CVE-2024-24897 HIGH
openEuler A-Tune-Collector <1.3.0 - Command Injection
CVSS 8.1
CVE-2024-28041 HIGH
HGW BL1500HM <002.001.013 - Command Injection
CVSS 8.8
CVE-2024-29385 CRITICAL
D-Link DIR-845L <= v1.01KRb03 soapcgi_main - Unauthenticated Code Execution
CVSS 9.0
CVE-2024-29366 HIGH
DIR-845L <v1.01KRb03 - Command Injection
CVSS 8.8
CVE-2024-29864 CRITICAL
Distrobox <1.7.0.1 - Command Injection
CVSS 9.8
CVE-2024-2642 HIGH
Ruijie RG-NBS2009G-P <20240305 - Command Injection
CVSS 7.3
CVE-2024-28354 CRITICAL
TRENDnet TEW-827DRU Firmware 2.10B01 - OS Command Injection via usapps.@smb Username Parameter
CVSS 10.0
CVE-2024-28353 HIGH
TRENDnet TEW-827DRU Firmware 2.10B01 - OS Command Injection via usapps.config.smb_admin_name Parameter
CVSS 8.8
CVE-2024-25228 HIGH
Vinchin Backup and Recovery <7.2 - Authenticated RCE
CVSS 8.8
CVE-2024-26204 HIGH
Outlook for Android < 4.2404.0 - Information Disclosure
CVSS 7.5
CVE-2024-25998 HIGH
CHARX SEC-3000/3050/3100/3150 Firmware < 1.5.1 - Unauthenticated Command Injection in OCPP Service
CVSS 7.3
CVE-2024-22127 CRITICAL
SAP NetWeaver Administrator AS Java - Command Injection
CVSS 9.1
CVE-2024-2352 MEDIUM
1Panel < 1.10.2-lts - Command Injection via Device Swap Path Parameter
CVSS 6.3