CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-40396 HIGH
iPadOS < 17.0 - Remote Code Execution with Kernel Privileges
CVSS 7.8
CVE-2023-52291 MEDIUM
Apache StreamPark < 2.1.4 - Authenticated Remote Command Execution via Maven Build Args
CVSS 4.7
CVE-2023-6321 HIGH
OwletCare Cam and ThroughTek Kalay Platform - Command Injection
CVSS 7.2
CVE-2023-42128 HIGH
Magnet Forensics AXIOM - Remote Code Execution via Android Device Image Acquisition
CVSS 8.0
CVE-2023-39471 HIGH
TP-Link TL-WR841N/TL-WR840N < 231119/231121 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2023-38120 HIGH
Adtran SR400ac Firmware - Remote Code Execution via Ping Command Host Parameter
CVSS 8.8
CVE-2023-1000 MEDIUM
dcnnt-py < 0.9.1 - Remote Command Injection in Notification Handler
CVSS 6.3
CVE-2023-40146 MEDIUM
Peplink Smart Reader Firmware 1.2.0 - Privilege Escalation via /bin/login Hard-coded Credentials
CVSS 6.8
CVE-2023-33806 HIGH
Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 - Command Injection
CVSS 7.8
CVE-2023-6999 HIGH
Pods - Custom Content Types and Fields <= 3.0.10 - Authenticated Remote Code Execution via Shortcode
CVSS 8.8
CVE-2023-49134 HIGH
TP-Link EAP225 and EAP115 Firmware - Unauthenticated Remote Code Execution via tddpd enable_test_mode
CVSS 8.1
CVE-2023-49133 HIGH
TP-Link EAP225 and EAP115 Firmware - Unauthenticated Remote Code Execution via tddpd enable_test_mode
CVSS 8.1
CVE-2023-41724 HIGH
Ivanti Standalone Sentry < 9.19.0 - Unauthenticated Remote Code Execution
CVSS 8.8
CVE-2023-52624 HIGH
Linux Kernel < 6.7.3 - Denial of Service via DMCUB GPINT Command Execution
CVSS 7.8
CVE-2023-41334 HIGH
astropy < 5.3.3 - Remote Code Execution via TransformGraph().to_dot_graph savelayout Argument
CVSS 8.4
CVE-2023-51835 MEDIUM
TRENDnet TEW-822DRE v1.03B02 - OS Command Injection via ipv4_ping Parameter
CVSS 6.8
CVE-2023-49959 CRITICAL
PROFINET-INspektor NT <= 2.4.0 - Remote Command Injection via Crafted Filename Parameter
CVSS 9.8
CVE-2023-24331 CRITICAL
D-Link Dir 816 < DIR-816_A2_v1.10CNB04 - Command Injection
CVSS 9.8
CVE-2023-24330 HIGH
D-Link DIR-882 Firmware DIR882A1_FW130B06 - OS Command Injection via HNAP1 POST Request
CVSS 8.8
CVE-2023-47218 MEDIUM
QNAP QTS 5.1.0-5.1.5.2645 and QuTS hero h5.1.0-h5.1.5.2647 and QuTScloud c5.0.0.1919-c5.1.5.2651 - OS Command Injection
CVSS 5.8
CVE-2023-49716 MEDIUM
Emerson Rosemount GC370XA, GC700XA, and GC1500XA - Authenticated Remote Command Execution
CVSS 6.9
CVE-2023-46687 CRITICAL
Emerson Rosemount GC370XA-GC700XA-GC1500XA - Command Injection
CVSS 9.8
CVE-2023-40263 HIGH
Unify OpenScape Voice Trace Manager V8 < R0.9.11 - Authenticated Command Injection via FTP
CVSS 8.8
CVE-2023-47562 HIGH
QNAP Photo Station 6.4.0-6.4.1 - Authenticated OS Command Injection
CVSS 7.4
CVE-2023-45025 CRITICAL
QNAP QTS and QuTS hero - OS Command Injection
CVSS 9.0