CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-37568 HIGH
ELECOM WRC-1167GHBK-S and WRC-1167GEBK-S < 1.03 - Authenticated OS Command Injection
CVSS 8.0
CVE-2023-37567 CRITICAL
ELECOM Wireless LAN Routers < 1.24 - Unauthenticated Command Injection via Web Management Page
CVSS 9.8
CVE-2023-37566 HIGH
ELECOM and LOGITEC Wireless LAN Routers - Authenticated Command Injection via Web Management Page
CVSS 8.0
CVE-2023-36755 CRITICAL
RUGGEDCOM ROX -<V2.16.0 - Path Traversal
CVSS 9.1
CVE-2023-36754 CRITICAL
RUGGEDCOM ROX -<V2.16.0 - Path Traversal
CVSS 9.1
CVE-2023-36753 CRITICAL
RUGGEDCOM ROX -<V2.16.0 - Path Traversal
CVSS 9.1
CVE-2023-36752 CRITICAL
RUGGEDCOM ROX -<V2.16.0 - Path Traversal
CVSS 9.1
CVE-2023-36751 CRITICAL
RUGGEDCOM ROX -<V2.16.0 - Path Traversal
CVSS 9.1
CVE-2023-36750 CRITICAL
RUGGEDCOM ROX -<V2.16.0 - Path Traversal
CVSS 9.1
CVE-2023-37149 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 - OS Command Injection via FileName Parameter
CVSS 9.8
CVE-2023-37148 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 - OS Command Injection via setUssd ussd Parameter
CVSS 9.8
CVE-2023-37146 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 - OS Command Injection via UploadFirmwareFile FileName Parameter
CVSS 9.8
CVE-2023-37145 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 - OS Command Injection via Hostname Parameter
CVSS 9.8
CVE-2023-37144 CRITICAL
Tendacn Ac10 Firmware - Command Injection
CVSS 9.8
CVE-2023-24583 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 8.8
CVE-2023-24582 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 8.8
CVE-2023-24520 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 8.8
CVE-2023-24519 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 8.8
CVE-2023-23550 HIGH
Milesight UR32L v32.3.0.5 - OS Command Injection via ys_thirdparty user_delete
CVSS 7.2
CVE-2023-22659 HIGH
Milesight UR32L v32.3.0.5 - OS Command Injection via libzebra.so change_hostname
CVSS 7.2
CVE-2023-22371 HIGH
Milesight VPN <2.0.2 - Command Injection
CVSS 8.1
CVE-2023-22306 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 7.2
CVE-2023-36458 MEDIUM
1Panel < 1.3.6 - Authenticated Command Injection via Container Terminal
CVSS 6.3
CVE-2023-36457 MEDIUM
1Panel < 1.3.6 - Authenticated Command Injection via Container Repository Addition
CVSS 6.3
CVE-2023-35974 HIGH
ArubaOS 6.5.4.0-8.6.0.21 - Authenticated Command Injection via CLI
CVSS 7.2