CWE-77 — Command Injection
3,752 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-77 (page 50 of 76)
- CVE-2024-54006 HIGH CVSS 7.2 EG 7.2 2025-01-07
Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities results in the ability of a…
- CVE-2024-54007 HIGH CVSS 7.2 EG 7.2 2025-01-07
Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities results in the ability of a…
- CVE-2024-5461 HIGH CVSS 8.0 EG 8.0 2025-02-15
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform …
- CVE-2024-54660 HIGH CVSS 8.7 EG 8.7 2025-01-16
A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process …
- CVE-2024-54681 LOW CVSS 3.5 EG 3.5 2025-01-17
Multiple bash files were present in the application's private directory. Bash files can be used on their own by an attacker who already has full access to the mobile platform to compromise the translations for the application.
- CVE-2024-54794 CRITICAL CVSS 9.1 EG 9.1 2025-01-21
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.
- CVE-2024-54802 CRITICAL CVSS 9.8 EG 9.8 2025-03-31
In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header.
- CVE-2024-55030 CRITICAL CVSS 9.8 EG 9.8 2025-03-25
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands.
- CVE-2024-55062 CRITICAL CVSS 9.8 EG 9.8 2025-01-31
Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.
- CVE-2024-55063 HIGH CVSS 8.8 EG 8.8 2025-05-19
Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allow remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options; the (2) keyboard_layout or (3) keyboard…
- CVE-2024-55414 CRITICAL CVSS 9.8 EG 9.8 2025-01-07
A vulnerability exists in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to map physical memory via specially crafted IOCTL requests. This can be exploited for privilege escalation, …
- CVE-2024-55461 CRITICAL CVSS 9.8 EG 9.8 2024-12-18
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
- CVE-2024-55466 MEDIUM CVSS 6.5 EG 6.5 2025-05-12
An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file.
- CVE-2024-55544 HIGH CVSS 8.8 EG 8.8 2024-12-10
Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level. This issue affects IAP-420 version 2.01e and below.
- CVE-2024-55547 CRITICAL CVSS 9.8 EG 9.8 2024-12-10
SNMP objects in NET-SNMP used in ORing IAP-420 allow Command Injection. This issue affects IAP-420: through 2.01e.
- CVE-2024-55956 CRITICAL CVSS 9.8 EG 9.8 ⚠ KEV 2024-12-13
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autor…
- CVE-2024-56084 HIGH CVSS 7.1 EG 7.1 2024-12-16
An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.
- CVE-2024-56085 MEDIUM CVSS 5.9 EG 5.9 2024-12-16
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
- CVE-2024-56086 HIGH CVSS 7.1 EG 7.1 2024-12-16
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.
- CVE-2024-56087 MEDIUM CVSS 5.9 EG 5.9 2024-12-16
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
- CVE-2024-56836 HIGH CVSS 7.5 EG 7.5 2025-12-09
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM …
- CVE-2024-56837 HIGH CVSS 7.2 EG 7.2 2025-12-09
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM …
- CVE-2024-57036 HIGH CVSS 8.1 EG 8.1 2025-01-21
TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in the downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending an HTTP request.
- CVE-2024-57211 HIGH CVSS 8.0 EG 8.0 2025-01-10
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.
- CVE-2024-57212 MEDIUM CVSS 5.1 EG 5.1 2025-01-10
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.
- CVE-2024-57213 MEDIUM CVSS 6.3 EG 6.3 2025-01-10
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.
- CVE-2024-57214 MEDIUM CVSS 6.3 EG 6.3 2025-01-10
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
- CVE-2024-57222 MEDIUM CVSS 6.3 EG 6.3 2025-01-10
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
- CVE-2024-57223 CRITICAL CVSS 9.8 EG 9.8 2025-01-10
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
- CVE-2024-57224 CRITICAL CVSS 9.8 EG 9.8 2025-01-10
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
- CVE-2024-57225 CRITICAL CVSS 9.8 EG 9.8 2025-01-10
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
- CVE-2024-57226 HIGH CVSS 8.0 EG 8.0 2025-01-10
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
- CVE-2024-57227 HIGH CVSS 8.0 EG 8.0 2025-01-10
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
- CVE-2024-57228 HIGH CVSS 8.0 EG 8.0 2025-01-10
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
- CVE-2024-57229 CRITICAL CVSS 9.8 EG 6.5 2025-05-05
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
- CVE-2024-57230 CRITICAL CVSS 9.8 EG 6.5 2025-05-05
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
- CVE-2024-57231 CRITICAL CVSS 9.8 EG 6.5 2025-05-05
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
- CVE-2024-57232 CRITICAL CVSS 9.8 EG 6.5 2025-05-05
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
- CVE-2024-57233 CRITICAL CVSS 9.8 EG 6.5 2025-05-05
NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
- CVE-2024-57234 CRITICAL CVSS 9.8 EG 6.5 2025-05-05
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
- CVE-2024-57235 CRITICAL CVSS 9.8 EG 6.5 2025-05-05
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
- CVE-2024-57337 MEDIUM CVSS 6.5 EG 6.5 2025-05-28
An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.
- CVE-2024-57338 MEDIUM CVSS 6.5 EG 6.5 2025-05-28
An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.
- CVE-2024-57536 HIGH CVSS 8.0 EG 8.0 2025-01-21
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status.
- CVE-2024-57539 HIGH CVSS 8.2 EG 8.2 2025-01-21
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail.
- CVE-2024-57583 CRITICAL CVSS 9.8 EG 9.8 2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
- CVE-2024-57590 CRITICAL CVSS 9.8 EG 9.8 2025-01-27
TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interface "ntp_sync.cgi", which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary…
- CVE-2024-57608 MEDIUM CVSS 6.5 EG 6.5 2025-02-24
An issue in Via Browser 6.1.0 allows a remote attacker to execute arbitrary code via the mark.via.Shell component.
- CVE-2024-57685 MEDIUM CVSS 5.3 EG 5.3 2025-02-24
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file.
- CVE-2024-57695 HIGH CVSS 7.7 EG 7.7 2025-11-11
An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the vulnerability in version 8.0 (4164.652.1856) from …