CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-49226 HIGH
Peplink Balance Two <8.4.0 - Command Injection
CVSS 7.2
CVE-2023-51016 CRITICAL
TOTOlink EX1800T <9.1.0cu.2112 - Command Injection
CVSS 9.8
CVE-2023-51014 CRITICAL
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 - Command Injection
CVSS 9.8
CVE-2023-51025 CRITICAL
TOTOlink EX1800T V9.1.0cu.2112_B20220316 - Command Injection
CVSS 9.8
CVE-2023-51707 CRITICAL
Array MotionPro <9.4.0.505 - Remote Command Execution via Crafted Packets
CVSS 9.8
CVE-2023-50989 CRITICAL
Tenda i29 v1.0 V1.0.0.5 - OS Command Injection via pingSet Function
CVSS 9.8
CVE-2023-50983 CRITICAL
Tenda i29 v1.0 V1.0.0.5 - OS Command Injection via sysScheduleRebootSet Function
CVSS 9.8
CVE-2023-6940 HIGH
MLflow < 2.9.2 - Remote Code Execution via Malicious Config Download
CVSS 8.8
CVE-2023-39509 HIGH
Bosch CPP13 Firmware < 8.90 and CPP14 Firmware 8.20-8.81 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-6848 HIGH
kodbox < 1.48.04 - Remote Command Injection via soffice Argument
CVSS 7.3
CVE-2023-50917 CRITICAL
MajorDoMo < 2023-11-15 - Remote Code Execution via thumb.php Shell Metacharacters
CVSS 9.8
CVE-2023-50089 CRITICAL
NETGEAR WNR2000v4 1.0.0.70 - Authenticated Command Injection via SOAP Authentication
CVSS 9.8
CVE-2023-49898 HIGH
Apache StreamPark 2.0.0-2.1.1 - Authenticated Remote Code Execution via Maven Compilation Parameters
CVSS 7.2
CVE-2023-6572 HIGH
gradio-app/gradio <main - Command Injection
CVSS 8.1
CVE-2023-25643 HIGH
ZTE MC801A and MC801A1 Firmware - Authenticated OS Command Injection
CVSS 8.4
CVE-2023-48702 HIGH
jellyfin < 10.8.13 - Authenticated Remote Code Execution via MediaEncoder Path Endpoint
CVSS 7.2
CVE-2023-48791 HIGH
FortiPortal <7.0.6 - Command Injection
CVSS 8.8
CVE-2023-47576 HIGH
Relyum RELY-PCIe and RELY-REC - Authenticated Command Injection via Web Interface
CVSS 8.8
CVE-2023-49587 MEDIUM
SAP Solution Manager 720 - Authenticated Remote Code Execution via Deprecated Function Modules
CVSS 6.4
CVE-2023-40301 CRITICAL
NETSCOUT nGeniusPULSE 3.8 - OS Command Injection
CVSS 9.8
CVE-2023-49436 CRITICAL
Tenda AX9 V22.03.01.46 - OS Command Injection via SetNetControlList list Parameter
CVSS 9.8
CVE-2023-49435 CRITICAL
Tenda AX9 V22.03.01.46 - OS Command Injection
CVSS 9.8
CVE-2023-49431 CRITICAL
Tenda AX9 V22.03.01.46 - Command Injection
CVSS 9.8
CVE-2023-49437 CRITICAL
Tenda AX12 V22.03.01.46 - OS Command Injection via SetNetControlList list Parameter
CVSS 9.8
CVE-2023-49428 CRITICAL
Tenda AX12 V22.03.01.46 - Command Injection
CVSS 9.8