CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2023-31531
HIGH
Motorola CX2L Router 1.0.1 - Command Injection
CVSS 8.8
CVE-2023-31530
HIGH
Motorola CX2L Router 1.0.1 - Command Injection
CVSS 8.8
CVE-2023-31529
HIGH
Motorola CX2L Router 1.0.1 - Command Injection
CVSS 8.8
CVE-2023-31528
HIGH
Motorola CX2L Router 1.0.1 - Command Injection
CVSS 8.8
CVE-2023-24540
CRITICAL
JavaScript - Info Disclosure
CVSS 9.8
CVE-2023-31473
MEDIUM
GL.iNet Firmware < 3.216 - Arbitrary File Write via opkg Configuration File Injection
CVSS 4.9
CVE-2023-2649
HIGH
Tenda AC23 16.03.07.45_cn - Command Injection
CVSS 7.2
CVE-2023-2647
MEDIUM
Weaver E-Office 9.5 - Command Injection
CVSS 6.3
CVE-2023-30353
CRITICAL
Tenda CP3 Firmware V11.10.00.2211041355 - Unauthenticated Remote Code Execution via XML Document
CVSS 9.8
CVE-2023-31476
HIGH
GL.iNet GL-MV1000W and GL-MV1000 Firmware < 3.215 - Arbitrary File Write via Limited Path Injection
CVSS 7.5
CVE-2023-28832
HIGH
SIMATIC Cloud Connect 7 - Command Injection
CVSS 7.2
CVE-2023-27407
CRITICAL
SCALANCE LPE9403 < 2.1 - Authenticated OS Command Injection via Web Management Interface
CVSS 9.9
CVE-2023-22790
HIGH
ArubaOS 10.3.0.0-10.3.1.0 and InstantOS 6.4.0.0-6.4.4.8-4.2.4.20 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-22789
HIGH
ArubaOS 10.3.0.0-10.3.0.9 and InstantOS 6.4.0.0-6.4.4.7 - Authenticated Command Injection
CVSS 7.2
CVE-2023-22788
HIGH
ArubaOS 10.3.0.0-10.3.0.9 and InstantOS 6.4.0.0-6.4.4.7 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-2574
HIGH
Advantech EKI-1521, EKI-1522, EKI-1524 Firmware < 1.21 - Authenticated OS Command Injection via Device Name Input
CVSS 8.8
CVE-2023-2573
HIGH
Advantech EKI-1521, EKI-1522, EKI-1524 Firmware < 1.21 - Authenticated OS Command Injection via NTP Server Input
CVSS 8.8
CVE-2023-30135
CRITICAL
Tenda AC18 v15.03.05.19(6318_)_cn - OS Command Injection via deviceName Parameter
CVSS 9.8
CVE-2023-2520
HIGH
Caton Prime 2.1.2.51.e8d7225049(202303031001) - Command Injection via Ping Handler Destination Argument
CVSS 8.8
CVE-2023-26125
MEDIUM
Gin-Gonic Gin <1.9.0 - Improper Input Validation
CVSS 5.6
CVE-2023-32007
HIGH
Apache Spark UI - Privilege Escalation
CVSS 8.8
CVE-2023-2378
MEDIUM
Ubiquiti EdgeRouter X <2.0.9-hotfix.6 - Command Injection
CVSS 6.3
CVE-2023-2377
MEDIUM
Ubiquiti EdgeRouter X <2.0.9-hotfix.6 - Command Injection
CVSS 6.3
CVE-2023-2376
MEDIUM
Ubiquiti EdgeRouter X <2.0.9-hotfix.6 - Command Injection
CVSS 6.3
CVE-2023-2375
MEDIUM
Ubiquiti EdgeRouter X <2.0.9-hotfix.6 - Command Injection
CVSS 6.3