CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
High likelihood
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2022-4002
HIGH
Motorola Q14 Firmware < 1.5.0.16 - Authenticated Command Injection via API Request
CVSS 7.2
CVE-2022-35503
HIGH
Open Source MANO v7-v12 - Authenticated Remote Code Execution via VNF Descriptor
CVSS 7.5
CVE-2022-39987
HIGH
RaspAP 2.8.0-2.9.2 - Authenticated OS Command Injection via get_wgkey.php Entity Parameter
CVSS 8.8
CVE-2022-39986
CRITICAL
RaspAP 2.8.0-2.8.7 - Unauthenticated Command Injection via cfg_id Parameter
CVSS 9.8
CVE-2022-38156
HIGH
Kratos SpectralNet <1.7.5 - Command Injection
CVSS 7.2
CVE-2022-25834
HIGH
Percona XtraBackup < 2.2.24 and 3.x-8.0.27-19 - OS Command Injection via Crafted Filename
CVSS 7.8
CVE-2022-47028
MEDIUM
Action Launcher for Android <50.5 - DoS
CVSS 5.5
CVE-2022-46361
MEDIUM
OneWireless <322.1 - Command Injection
CVSS 6.9
CVE-2022-24630
HIGH
AudioCodes Device Manager Express <7.8.20002.47752 - Command Injection
CVSS 7.2
CVE-2022-29842
CRITICAL
Western Digital My Cloud OS 5 < 5.26.119 - Remote Code Execution via CGI File
CVSS 9.8
CVE-2022-36769
HIGH
IBM Cloud Pak for Data 4.5-4.6 - Unrestricted Upload of File with Dangerous Type
CVSS 7.2
CVE-2022-46640
CRITICAL
Nanoleaf Desktop App <v1.3.1 - Command Injection
CVSS 9.8
CVE-2022-37704
MEDIUM
Amanda 3.5.1 - Privilege Escalation via rundump SUID Binary
CVSS 6.7
CVE-2022-4934
HIGH
Sophos Web Appliance < 4.3.10.4 - Authenticated Command Injection in Exception Wizard
CVSS 7.2
CVE-2022-43623
MEDIUM
D-Link DIR-1935 < 1.03 - Authenticated Remote Code Execution via SetWebFilterSetting WebFilterURLs Parameter
CVSS 6.8
CVE-2022-28496
CRITICAL
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 - Command Injection
CVSS 9.8
CVE-2022-28497
CRITICAL
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 - Command Injection
CVSS 9.8
CVE-2022-4009
HIGH
Octopus Server 3.0.19-2022.2.8552 - Authenticated Remote Code Execution via Offline Package Creation
CVSS 8.8
CVE-2022-48259
CRITICAL
BiSheng-WNM FW 3.0.0.325 - Command Injection
CVSS 9.8
CVE-2022-48255
CRITICAL
BiSheng-WNM FW 3.0.0.325 - Remote Code Execution via System Command Injection
CVSS 9.8
CVE-2022-45600
HIGH
Aztech WMB250AC Firmware 016 2020 - Unauthenticated Remote Code Execution via Session Bypass
CVSS 8.8
CVE-2022-48338
HIGH
GNU Emacs < 28.2 - Command Injection via ruby-find-library-file Function
CVSS 7.3
CVE-2022-40021
CRITICAL
QVidium Amino A140 < 1.0.0-283 - OS Command Injection
CVSS 9.8
CVE-2022-45701
HIGH
Arris TG2482A Firmware <= 9.1.103GEM9 - Remote Code Execution via Ping Utility
CVSS 8.8
CVE-2022-40022
CRITICAL
Symmetricom SyncServer Unauthenticated Remote Command Execution
CVSS 9.8
Details
Vulnerabilities: 3,570
Exploit Likelihood: High