CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-24046 MEDIUM
Connectize AC21000 G6 - Command Injection
CVSS 6.8
CVE-2023-48801 CRITICAL
TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-48842 CRITICAL
D-Link Go-RT-AC750 - Command Injection
CVSS 9.8
CVE-2023-43455 CRITICAL
TOTOLINK X6000R <9.4.0cu.652-9.4.0cu.852 - RCE
CVSS 9.8
CVE-2023-43454 CRITICAL
TOTOLINK X6000R <9.4.0cu.652-9.4.0cu.852 - RCE
CVSS 9.8
CVE-2023-43453 CRITICAL
TOTOLINK X6000R <9.4.0cu.652-9.4.0cu.852 - RCE
CVSS 9.8
CVE-2023-6071 HIGH
Trellix Enterprise Security Manager < 11.6.9 - Authenticated Remote Code Execution via Data Source Input
CVSS 8.4
CVE-2023-49040 CRITICAL
Tenda AX1803 1.0.0.1 adslPwd - Remote Command Execution
CVSS 9.8
CVE-2023-49213 HIGH
Ironman PowerShell Universal <4.2.0 - RCE
CVSS 8.8
CVE-2023-49210 CRITICAL
node-openssl < 2.0.0 - Command Injection via Verb Field
CVSS 9.8
CVE-2023-45625 HIGH
ArubaOS 10.3.0.0-10.4.0.2 and InstantOS 6.4.0.0-8.6.0.22 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-42326 HIGH
pfSense < 2.7.0 & pfSense Plus < 23.05.1 - RCE via interfaces_gif_edit.php & interfaces_gre_edit.php
CVSS 8.8
CVE-2023-47253 CRITICAL
Qualitor < 8.20 - Remote Code Execution via processVariavel.php gridValoresPopHidden Parameter
CVSS 9.8
CVE-2023-23369 CRITICAL
QNAP QTS - OS Command Injection via Network
CVSS 9.0
CVE-2023-20220 HIGH
Cisco Firepower Management Center - RCE
CVSS 7.2
CVE-2023-20219 HIGH
Cisco Firepower Management Center - RCE
CVSS 7.2
CVE-2023-20170 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Command
CVSS 6.0
CVE-2023-46485 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - RCE
CVSS 9.8
CVE-2023-46484 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - RCE
CVSS 9.8
CVE-2023-46993 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 - Command Injection
CVSS 9.8
CVE-2023-46979 CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-46976 CRITICAL
TOTOLINK A3300R <17.0.0cu.557_B20221024 - Command Injection
CVSS 9.8
CVE-2023-47104 CRITICAL
vareille tiny_file_dialogs < 3.15.0 - OS Command Injection via Shell Metacharacters in Input Data
CVSS 9.8
CVE-2023-43322 HIGH
ZPE Systems, Inc Nodegrid OS <5.10.4 - Command Injection
CVSS 8.8
CVE-2023-45498 CRITICAL
Vinchin Backup & Recovery 5.0-7.0 - OS Command Injection
CVSS 9.8