CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-24236 CRITICAL
TOTOlink A7100RU - Command Injection
CVSS 9.8
CVE-2023-0861 HIGH
Netmodule Router Software < 4.3.0.119 - Command Injection
CVSS 7.2
CVE-2023-0849 MEDIUM
Netgear WNDR3700v2 1.0.1.14 - Command Injection via Web Interface
CVSS 4.7
CVE-2023-21778 HIGH
Microsoft Dynamics Unified Service Desk - RCE
CVSS 8.0
CVE-2023-21805 HIGH
Windows MSHTML Platform - Remote Code Execution
CVSS 7.8
CVE-2023-22935 HIGH
Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 - Authenticated SPL Safeguard Bypass via Search Parameter
CVSS 8.1
CVE-2023-0830 MEDIUM
EasyNAS 1.1.0 - OS Command Injection via /backup.pl
CVSS 6.3
CVE-2023-24161 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-24160 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-24159 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-0789 HIGH
phpmyfaq < 3.1.11 - Command Injection
CVSS 8.1
CVE-2023-0127 HIGH
Firmware Update - Command Injection
CVSS 7.8
CVE-2023-0776 HIGH
Baicells Neutrino/Nova 430/436Q < QRTB 2.12.7 - RCE via HTTP Command Injection
CVSS 8.1
CVE-2023-23333 CRITICAL
SolarView Compact Firmware <= 6.00 - Remote Command Execution via downloader.php
CVSS 9.8
CVE-2023-24276 CRITICAL
TOTOlink A7100RU(V7.4cu.2313_B20191024) - Command Injection
CVSS 9.8
CVE-2023-24157 CRITICAL
TOTOLINK T8 V4.1.5cu - Command Injection
CVSS 9.8
CVE-2023-24156 CRITICAL
TOTOLINK T8 V4.1.5cu - Command Injection
CVSS 9.8
CVE-2023-24154 CRITICAL
TOTOLINK T8 V4.1.5cu - Command Injection
CVSS 9.8
CVE-2023-24153 CRITICAL
TOTOLINK T8 V4.1.5cu - Command Injection
CVSS 9.8
CVE-2023-24152 CRITICAL
TOTOLINK T8 V4.1.5cu - Command Injection
CVSS 9.8
CVE-2023-24151 CRITICAL
TOTOLINK T8 V4.1.5cu - Command Injection
CVSS 9.8
CVE-2023-24150 CRITICAL
TOTOLINK T8 V4.1.5cu - Command Injection
CVSS 9.8
CVE-2023-24148 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-24146 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-24145 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
Details
Vulnerabilities 3,570
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits