CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-1458 HIGH
Ubiquiti EdgeRouter X <2.0.9-hotfix.6 - Command Injection
CVSS 7.2
CVE-2023-1457 HIGH
Ubiquiti EdgeRouter X 2.0.9-hotfix.6 - Command Injection
CVSS 7.2
CVE-2023-1456 HIGH
Ubiquiti EdgeRouter X <2.0.9-hotfix.6 - Command Injection
CVSS 7.2
CVE-2023-23149 CRITICAL
DEK-1705 Firmware <= 34.23.1 - OS Command Injection
CVSS 9.8
CVE-2023-20097 MEDIUM
Cisco Wireless LAN Controller Software < 8.10.183.0 - Authenticated Command Injection via Controller CLI
CVSS 4.6
CVE-2023-27135 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - Command Injection
CVSS 9.8
CVE-2023-27078 CRITICAL
TP-Link MR3020 <v.1_150921 - Command Injection
CVSS 9.8
CVE-2023-27079 HIGH
Tenda G103 v.1.0.05 - Command Injection
CVSS 7.5
CVE-2023-27224 CRITICAL
Nginx Proxy Manager 2.9.19 - Code Execution via Lua in Configuration File
CVSS 9.8
CVE-2023-1168 HIGH
ArubaOS-CX 10.06.0000-10.06.0240 - Authenticated Remote Code Execution in Network Analytics Engine
CVSS 7.2
CVE-2023-28425 MEDIUM
Redis 7.0.8-7.0.9 - Authenticated Denial of Service via MSETNX Command
CVSS 5.5
CVE-2023-28110 MEDIUM
fit2cloud jumpserver < 2.28.8 - Command Injection via Illegal Kubernetes Tokens
CVSS 5.7
CVE-2023-28460 HIGH
Array Networks APV - Command Injection
CVSS 7.2
CVE-2023-1389 HIGH KEV
TP-Link Archer AX21 Firmware < 1.1.4 - Unauthenticated Command Injection via Country Parameter
CVSS 8.8
CVE-2023-24229 HIGH
DrayTek Vigor2960 v1.5.1.4 - Command Injection
CVSS 7.8
CVE-2023-27240 CRITICAL
Tenda AX3 V16.03.12.11 - Command Injection
CVSS 9.8
CVE-2023-27581 HIGH
github-slug-action 4.0.0-4.4.0 - Remote Code Execution via github.head_ref Parameter
CVSS 8.8
CVE-2023-0351 HIGH
Akuvox E11 Firmware - Command Injection via Phone-Book Contacts Functionality
CVSS 8.8
CVE-2023-0978 MEDIUM
McAfee Advanced Threat Defense < 4.14.2 - Command Injection
CVSS 6.4
CVE-2023-0628 MEDIUM
Docker Desktop < 4.17.0 - Remote Code Execution via Malicious docker-desktop:// URL
CVSS 6.1
CVE-2023-1277 HIGH
kylin-system-updater < 1.4.20kord - OS Command Injection in Update Handler InstallSnap Function
CVSS 7.8
CVE-2023-0093 HIGH
Okta Advanced Server Access Client <1.65.0 - Command Injection
CVSS 8.8
CVE-2023-1162 HIGH
DrayTek Vigor 2960 1.5.1.4/1.5.1.5 - OS Command Injection via Web Management Interface
CVSS 7.2
CVE-2023-1097 CRITICAL
Baicells EG7035-M11 Firmware <= BCE-ODU-1.0.8 - Unauthenticated Remote Code Execution via HTTP GET Command Injection
CVSS 9.3
CVE-2023-22770 HIGH
ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-2.3.0.7 - Authenticated Command Injection via CLI
CVSS 7.2