CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-46424 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46423 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46422 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46421 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46420 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46419 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46418 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46417 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46416 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46415 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46414 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - RCE
CVSS 9.8
CVE-2023-46413 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - Command Injection
CVSS 9.8
CVE-2023-46412 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - Command Injection
CVSS 9.8
CVE-2023-46411 CRITICAL
TOTOLINK X6000R <9.4.0cu.652 - Command Injection
CVSS 9.8
CVE-2023-46410 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - Command Injection
CVSS 9.8
CVE-2023-46409 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - Command Injection
CVSS 9.8
CVE-2023-46408 CRITICAL
TOTOLINK X6000R <9.4.0cu.652_B20230116 - Command Injection
CVSS 9.8
CVE-2023-5752 MEDIUM
pip < 23.3 - Command Injection via Mercurial VCS URL Configuration
CVSS 5.5
CVE-2023-46574 CRITICAL
TOTOLINK A3700R <9.1.2u.6165_20211012 - RCE
CVSS 9.8
CVE-2023-46370 CRITICAL
Tenda W18E <16.01.0.8 - Command Injection
CVSS 9.8
CVE-2023-43510 MEDIUM
ClearPass Policy Manager - Command Injection
CVSS 4.7
CVE-2023-38193 HIGH
SuperWebMailer 9.00.0.01710 - Remote Code Execution via Sendmail Command Line
CVSS 8.8
CVE-2023-21413 CRITICAL
AXIS OS 10.5.0-10.12.198 and 11.0.89-11.6.93 - Remote Code Execution via ACAP Application Installation
CVSS 9.1
CVE-2023-36954 CRITICAL
TOTOLINK CP300+ <V5.2cu.7594_B20200910 - Command Injection
CVSS 9.8
CVE-2023-36953 CRITICAL
TOTOLINK CP300+ <V5.2cu.7594_B20200910 - Command Injection
CVSS 9.8
Details
Vulnerabilities 3,570
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits