CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2022-32664 HIGH
MediaTek LinkIt Software Development Kit < 7.3.293.0 - Command Injection in Config Manager
CVSS 8.8
CVE-2022-44621 CRITICAL
Apache Kylin < 4.0.3 - Command Injection via Diagnosis Controller
CVSS 9.8
CVE-2022-46642 CRITICAL
D-Link DIR-846 A1_FW100A43 - Command Injection
CVSS 9.9
CVE-2022-46641 CRITICAL
D-Link DIR-846 A1_FW100A43 - Command Injection
CVSS 9.9
CVE-2022-46421 CRITICAL
Apache Airflow Hive Provider <5.0.0 - Command Injection
CVSS 9.8
CVE-2022-45796 CRITICAL
SHARP Digital Multifunctional System - OS Command Injection via nw_interface.html
CVSS 9.1
CVE-2022-31702 CRITICAL
vRealize Network Insight - Unauthenticated Remote Code Execution via REST API
CVSS 9.8
CVE-2022-44832 CRITICAL
D-Link DIR-3040 Firmware 120B03 - OS Command Injection via SetTriggerLEDBlink Function
CVSS 9.8
CVE-2022-46404 CRITICAL
Atos Unify OpenScape <8.22.18-10.28.13-10.R1.34.4 - Command Injection
CVSS 9.8
CVE-2022-4364 HIGH
Teledyne FLIR AX8 <1.46.16 - Command Injection
CVSS 7.3
CVE-2022-41800 HIGH
F5 BIG-IP - Authenticated Appliance Mode Bypass via Undisclosed iControl REST Endpoint
CVSS 8.7
CVE-2022-3086 HIGH
Cradlepoint IBR600 NCOS <6.5.0.160bc2e - Command Injection
CVSS 7.1
CVE-2022-36962 HIGH
SolarWinds Orion Platform - OS Command Injection
CVSS 7.2
CVE-2022-40282 HIGH
Hirschmann BAT-C2 < 09.13.00r04 - Authenticated Command Injection via FsCreateDir dir Parameter
CVSS 8.8
CVE-2022-45462 CRITICAL
Apache DolphinScheduler < 2.0.6 - Authenticated Command Injection in Alarm Instance Management
CVSS 9.8
CVE-2022-40770 HIGH
ManageEngine ServiceDesk Plus < 13.0 - Authenticated Command Injection
CVSS 7.2
CVE-2022-40765 MEDIUM KEV
Mitel MiVoice Connect <= 22.22.6100.0 - Authenticated Command Injection via Edge Gateway URL Parameters
CVSS 6.8
CVE-2022-40746 HIGH
IBM i Access Client Solutions 1.1.2-1.1.9.0 - Authenticated Arbitrary Code Execution via DLL Hijacking
CVSS 7.2
CVE-2022-42904 HIGH
ManageEngine ADManager Plus <= 7151 - Authenticated Command Injection via Proxy Settings
CVSS 7.2
CVE-2022-36786 CRITICAL
D-Link DSL-224 Firmware 3.0.8 - Authenticated Remote Code Execution via NTP Server Configuration
CVSS 9.9
CVE-2022-40881 CRITICAL
SolarView Compact 6.00 - Command Injection
CVSS 9.8
CVE-2022-43781 CRITICAL
Bitbucket Server/Data Center - Command Injection
CVSS 9.8
CVE-2022-40752 CRITICAL
IBM InfoSphere Information Server 11.7 - Command Injection
CVSS 9.8
CVE-2022-20934 MEDIUM
Cisco Firepower Threat Defense and FXOS - Authenticated OS Command Injection via CLI
CVSS 6.0
CVE-2022-20926 MEDIUM
Cisco Firepower Management Center - Authenticated OS Command Injection via Web Management API
CVSS 6.3