CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2023-43207
CRITICAL
D-LINK DWL-6610 FW_v_4.3.0.8B003C - Command Injection
CVSS 9.8
CVE-2023-43206
CRITICAL
D-LINK DWL-6610 FW_v_4.3.0.8B003C - Command Injection
CVSS 9.8
CVE-2023-43204
CRITICAL
D-LINK DWL-6610 FW_v_4.3.0.8B003C - Command Injection
CVSS 9.8
CVE-2023-43202
CRITICAL
D-LINK DWL-6610 FW_v_4.3.0.8B003C - Command Injection
CVSS 9.8
CVE-2023-43477
MEDIUM
Telstra Smart Modem Gen 2 - Command Injection
CVSS 6.8
CVE-2023-33831
CRITICAL
FUXA 1.1.13 - Remote Code Execution via /api/runscript Endpoint
CVSS 9.8
CVE-2023-34999
HIGH
RTS VLink Virtual Matrix v5 < 5.7.6 and v6 < 6.5.0 - Remote Code Execution via Admin Web Interface
CVSS 8.4
CVE-2023-39638
CRITICAL
D-Link DIR-859 A1 1.05 and A1 1.06B01 Beta01 - OS Command Injection via lxmldbc_system Function
CVSS 9.8
CVE-2023-41011
CRITICAL
China Mobile Intelligent Home Gateway v.HG6543C4 - RCE
CVSS 9.8
CVE-2023-36642
MEDIUM
FortiTester <7.2.3 - Command Injection
CVSS 6.7
CVE-2023-3710
CRITICAL
Honeywell PM43 Firmware < P10.19.050004 - Command Injection via Printer Web Page Modules
CVSS 9.9
CVE-2023-36805
HIGH
Windows MSHTML < - Privilege Escalation
CVSS 7.0
CVE-2023-33136
HIGH
Azure DevOps Server - Remote Code Execution
CVSS 8.8
CVE-2023-39637
CRITICAL
D-Link DIR-816 A2 1.10 B05 - OS Command Injection via Diagnosis Component
CVSS 9.8
CVE-2023-38829
HIGH
NETIS SYSTEMS WF2409E <3.6.42541 - RCE
CVSS 8.8
CVE-2023-39362
HIGH
Cacti < 1.2.25 - Authenticated Remote Code Execution via SNMP Device Options
CVSS 7.2
CVE-2023-4310
CRITICAL
BeyondTrust PRA/RS <23.2.2 - Command Injection
CVSS 9.8
CVE-2023-40598
HIGH
Splunk Enterprise <8.2.12, 9.0.6, 9.1.1 - Code Injection
CVSS 8.5
CVE-2023-38027
CRITICAL
myspotcam sense_firmware < 2.2046 - Unauthenticated OS Command Injection via Hidden Telnet Function
CVSS 9.8
CVE-2023-40796
HIGH
Phicomm k2 <22.6.529.216 - Command Injection
CVSS 7.8
CVE-2023-25649
MEDIUM
ZTE MF286R Firmware - Authenticated Command Injection via SET_DEVICE_LED Interface
CVSS 6.8
CVE-2023-37469
HIGH
CasaOS < 0.4.4 - Authenticated Remote Code Execution via SMB Connection
CVSS 8.8
CVE-2023-39834
CRITICAL
pbootcms < 3.2.0 - Command Injection via create_function
CVSS 9.8
CVE-2023-4212
MEDIUM
Trane Thermostat - Command Injection
CVSS 6.8
CVE-2023-23564
HIGH
Geomatika IsiGeo Web 6.0 - Authenticated Remote Command Execution
CVSS 8.8
Details
Vulnerabilities: 3,570
Exploit Likelihood: High