CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2023-26155
HIGH
node-qpdf - OS Command Injection via encrypt() Method
CVSS 7.3
CVE-2023-45852
CRITICAL
Viessmann Vitogate 300 < 2.1.3.0 - RCE via ipaddr Shell Metacharacter Injection
CVSS 9.8
CVE-2023-45466
CRITICAL
Netis N3Mv2-V1.0.1.865 - OS Command Injection via WPS Settings pin_host Parameter
CVSS 9.8
CVE-2023-45465
CRITICAL
Netis N3Mv2-V1.0.1.865 - OS Command Injection via ddnsDomainName Parameter
CVSS 9.8
CVE-2023-32632
HIGH
Yifan YF325 Firmware v1.0_20221108 - Remote Code Execution via Diag Ping Start
CVSS 8.8
CVE-2023-26320
HIGH
Xiaomi Xiaomi Router - Command Injection
CVSS 7.5
CVE-2023-26319
MEDIUM
Xiaomi Xiaomi Router - Command Injection
CVSS 6.7
CVE-2023-36415
HIGH
Azure Identity SDK < 1.10.2, < 1.14.1, < 3.3.1 - Remote Code Execution
CVSS 8.8
CVE-2023-36414
HIGH
Azure Identity SDK < 1.10.2 - Remote Code Execution
CVSS 8.8
CVE-2023-45208
HIGH
D-Link DAP-X1860 Firmware 1.00-1.01b05-01 - Remote Command Injection via Crafted SSID
CVSS 8.8
CVE-2023-44959
HIGH
D-Link DSL-3782 Firmware < 1.03 - Authenticated Remote Code Execution via Router IP Address Field
CVSS 8.8
CVE-2023-44827
HIGH
ZenTao < 18.6, ZenTao Biz < 8.6, ZenTao Max < 4.7 - Remote Code Execution via Office Conversion Settings
CVSS 8.8
CVE-2023-45356
HIGH
Atos Unify OpenScape 4000 Assistant and Manager Platform V10 R1 - Authenticated Command Injection via dtb Pages
CVSS 8.8
CVE-2023-45355
HIGH
Atos Unify OpenScape 4000 Assistant and Manager V10 R1 - Authenticated Command Injection via Webservice
CVSS 8.8
CVE-2023-45351
HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 < V10 R1.42.1 and V10 R0 - Authenticated Command Injection via AShbr
CVSS 8.8
CVE-2023-4401
HIGH
Dell SmartFabric Storage Software < 1.4.1 - Authenticated OS Command Injection via CLI 'more' Command
CVSS 7.8
CVE-2023-43891
CRITICAL
Netis N3Mv2-V1.0.1.865 - Command Injection
CVSS 9.8
CVE-2023-26145
HIGH
pydash < 6.0.0 - OS Command Injection via Deep Path String Manipulation
CVSS 7.4
CVE-2023-41303
HIGH
Distributed File System - Command Injection
CVSS 7.5
CVE-2023-41031
HIGH
Juplink RX4-1500 - Command Injection
CVSS 8.0
CVE-2023-41029
HIGH
Juplink RX4-1500 Wifi router <V1.0.5 - Command Injection
CVSS 8.0
CVE-2023-43128
CRITICAL
D-LINK DIR-806 DIR806A1_FW100CNb11 - OS Command Injection via HTTP_ST Parameter
CVSS 9.8
CVE-2023-42810
CRITICAL
systeminformation 5.0.0-5.21.6 - Command Injection via SSID Parameter
CVSS 9.8
CVE-2023-43138
HIGH
TPLINK TL-ER5120G <4.0.2.0 - Command Injection
CVSS 8.8
CVE-2023-43137
HIGH
TPLINK TL-ER5120G 4.0.2.0 - Command Injection
CVSS 8.8
Details
Vulnerabilities: 3,570
Exploit Likelihood: High