CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-24144 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-24143 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-24142 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-24141 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-24140 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-24139 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-24138 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 - Command Injection
CVSS 9.8
CVE-2023-0649 MEDIUM
dst-admin 1.5.0 - Remote Command Injection via sendBroadcast Message Argument
CVSS 6.3
CVE-2023-0648 MEDIUM
dst-admin 1.5.0 - Remote Command Injection via MasterConsole Command Parameter
CVSS 6.3
CVE-2023-0647 MEDIUM
dst-admin 1.5.0 - Remote Command Execution via kickPlayer userId Argument
CVSS 6.3
CVE-2023-0646 MEDIUM
dst-admin 1.5.0 - Remote Command Injection via cavesConsole Command Parameter
CVSS 6.3
CVE-2023-0640 HIGH
TRENDnet TEW-652BRP 3.04b01 - Command Injection in Web Interface
CVSS 7.2
CVE-2023-0638 HIGH
TRENDnet TEW-811DRU 1.0.10.0 - Command Injection via Web Interface
CVSS 7.2
CVE-2023-22657 HIGH
F5OS-A 1.2.0-1.2.9 and F5OS-C 1.3.0-1.4.9 - OS Command Injection via Tenant File Name Processing
CVSS 7.0
CVE-2023-0611 HIGH
TRENDnet TEW-652BRP 3.04B01 - Command Injection in Web Management Interface
CVSS 8.8
CVE-2023-24612 CRITICAL
PdfBook < 2.0.5 - Command Injection via Option Parameter
CVSS 9.8
CVE-2023-22884 CRITICAL
Apache Airflow < 2.5.1 and Apache Airflow MySQL Provider < 4.0.0 - Command Injection
CVSS 9.8
CVE-2023-20045 MEDIUM
Cisco Small Business RV160-260 - RCE
CVSS 4.9
CVE-2023-20026 MEDIUM
Cisco Small Business RV016-325 - Command Injection
CVSS 6.5
CVE-2023-0315 HIGH
froxlor/froxlor <2.0.8 - Command Injection
CVSS 8.8
CVE-2023-22496 HIGH
netdata < 1.37.0 - Remote Code Execution via Crafted Registry Hostname in Streaming Alert
CVSS 8.1
CVE-2023-22671 CRITICAL
NSA Ghidra < 10.2.2 - Command Injection via analyzeHeadless Input
CVSS 9.8
CVE-2022-40619 HIGH
NETGEAR Orbi and Router Firmware - Unauthenticated OS Command Injection via FunJSQ Access Token
CVSS 7.7
CVE-2022-32203 CRITICAL
Huawei CV81-WDM Firmware - Command Injection
CVSS 9.8
CVE-2022-1884 CRITICAL
gogs/gogs <=0.12.7 - Remote Command Execution via tree_path Parameter
CVSS 9.8