CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-39618 CRITICAL
TOTOLINK X5000R B20210419 - Remote Code Execution via setTracerouteCfg Interface
CVSS 9.8
CVE-2023-39617 CRITICAL
TOTOLINK X5000R Firmware - Remote Code Execution via setLanguageCfg lang Parameter
CVSS 9.8
CVE-2023-39809 CRITICAL
Nvki Intelligent Broadband Subscriber Gateway - Command Injection
CVSS 9.8
CVE-2023-4414 MEDIUM
Byzoro Smart S85F < 2023-08-07 - Command Injection via /log/decodmail.php File Parameter
CVSS 6.3
CVE-2023-38902 HIGH
RG-EW/RG-NBS/RG-S1930/EG/EAP/RA/NBC <3.0(1)B11P219 - Command Injection
CVSS 8.8
CVE-2023-2910 HIGH
ASUSTOR Data Master <=4.2.2.RI61 - Unauthenticated Remote Command Execution via Printer Service
CVSS 8.8
CVE-2023-34215 HIGH
Moxa TN-5900 Firmware < 3.3 - OS Command Injection via Certification-Generation Function
CVSS 7.2
CVE-2023-34214 HIGH
Moxa TN-4900 and TN-5900 Firmware - OS Command Injection via Certificate Generation Function
CVSS 7.2
CVE-2023-34213 HIGH
Moxa TN-5900 Firmware < 3.3 - OS Command Injection via Key-Generation Function
CVSS 8.8
CVE-2023-33239 HIGH
TN-4900/TN-5900 <1.2.4/<3.3 - Command Injection
CVSS 8.8
CVE-2023-33238 HIGH
TN-4900/TN-5900 <1.2.4/<3.3 - Command Injection
CVSS 7.2
CVE-2023-20237 MEDIUM
Cisco Intersight Virtual Appliance - Unauthenticated Access
CVSS 4.3
CVE-2023-20017 MEDIUM
Cisco Intersight Private Virtual Appliance - RCE
CVSS 6.5
CVE-2023-20013 MEDIUM
Cisco Intersight Private Virtual Appliance - RCE
CVSS 6.5
CVE-2023-20209 MEDIUM
Cisco Expressway Series/VCS - Command Injection
CVSS 6.5
CVE-2023-38866 CRITICAL
COMFAST CF-XR11 V2.7.2 - Command Injection
CVSS 9.8
CVE-2023-38864 CRITICAL
COMFAST CF-XR11 2.7.2 - OS Command Injection via portal_delete_picname Parameter
CVSS 9.8
CVE-2023-38865 CRITICAL
COMFAST CF-XR11 V2.7.2 - Command Injection
CVSS 9.8
CVE-2023-38863 CRITICAL
COMFAST CF-XR11 2.7.2 - OS Command Injection via ifname and mac Parameters
CVSS 9.8
CVE-2023-38862 CRITICAL
COMFAST CF-XR11 2.7.2 - OS Command Injection via Destination Parameter
CVSS 9.8
CVE-2023-38861 CRITICAL
Wavlink WL_WNJ575A3 <R75A3_V1410_220513 - RCE
CVSS 9.8
CVE-2023-39293 CRITICAL
MiVoice Office 400 SMB Controller < 1.2.5.23 - Command Injection
CVSS 9.8
CVE-2023-40293 MEDIUM
Harman Infotainment - Unauthenticated Command Injection via D-Bus RPC
CVSS 6.8
CVE-2023-38034 CRITICAL
UniFi Access Points and Switches < 6.5.53/6.5.32 - Remote Code Execution via DHCP Client
CVSS 9.8
CVE-2023-39008 CRITICAL
OPNsense <23.7-23.4.2 - Command Injection
CVSS 9.8