CWE-77 — Command Injection
3,740 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-77 (page 6 of 75)
- CVE-2019-20688 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.7…
- CVE-2019-20689 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.…
- CVE-2019-20701 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
- CVE-2019-20702 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
- CVE-2019-20703 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
- CVE-2019-20704 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
- CVE-2019-20705 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
- CVE-2019-20706 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.
- CVE-2019-20707 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32.
- CVE-2019-20708 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
- CVE-2019-20709 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
- CVE-2019-20710 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
- CVE-2019-20711 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
- CVE-2019-20718 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D8500 before 1.0.3.43, R6250 before 1.0.4.34, R6400 before 1.0.1.44, R6…
- CVE-2019-20722 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK2…
- CVE-2019-20724 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8…
- CVE-2019-20726 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR37…
- CVE-2019-20727 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2…
- CVE-2019-20732 | MEDIUM | CVSS 6.7 | EG 6.7 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.40, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, EX3700 before…
- CVE-2019-20745 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-04-16
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.10.2 and WAC510 before 5.0.10.2.
- CVE-2019-20757 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-04-16
NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.
- CVE-2019-20761 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-16
NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.
- CVE-2019-25029 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-05-26
In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe …
- CVE-2019-3421 | HIGH | CVSS 8.0 | EG 8.0 | 2019-10-31
The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system.
- CVE-2019-3913 | MEDIUM | CVSS 4.9 | EG 4.9 | 2019-01-30
Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service.
- CVE-2019-3919 | HIGH | CVSS 8.8 | EG 8.8 | 2019-03-05
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.
- CVE-2019-3920 | HIGH | CVSS 8.8 | EG 8.8 | 2019-03-05
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.
- CVE-2019-4635 | LOW | CVSS 2.7 | EG 2.7 | 2020-01-28
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011.
- CVE-2019-5323 | HIGH | CVSS 7.2 | EG 7.2 | 2020-02-27
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obt…
- CVE-2019-5390 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-06-05
A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5413 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-03-21
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
- CVE-2019-5414 | HIGH | CVSS 8.1 | EG 8.1 | 2019-03-21
If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.
- CVE-2019-5420 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-03-27
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails …
- CVE-2019-5424 | HIGH | CVSS 8.8 | EG 8.8 | 2019-04-10
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows shell commands to be executed as the root user.
- CVE-2019-5446 | HIGH | CVSS 7.2 | EG 7.2 | 2019-07-10
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to execute commands as root.
- CVE-2019-5623 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-04-29
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').
- CVE-2019-6272 | HIGH | CVSS 8.8 | EG 8.8 | 2019-03-21
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
- CVE-2019-6275 | HIGH | CVSS 8.8 | EG 8.8 | 2019-03-21
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
- CVE-2019-6288 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-09-22
Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI.
- CVE-2019-6552 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-04-05
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.
- CVE-2019-6579 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-04-17
A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulner…
- CVE-2019-6622 | HIGH | CVSS 7.2 | EG 7.2 | 2019-07-02
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only…
- CVE-2019-6689 | HIGH | CVSS 7.8 | EG 7.8 | 2019-04-26
An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Ti…
- CVE-2019-6739 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-03
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious w…
- CVE-2019-6986 | HIGH | CVSS 7.5 | EG 7.5 | 2019-01-28
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual…
- CVE-2019-7198 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-12-10
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 202010…
- CVE-2019-7537 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-03-21
An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.
- CVE-2019-7610 | CRITICAL | CVSS 9.0 | EG 9.0 | 2019-03-25
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execut…
- CVE-2019-7839 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-06-12
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2019-7850 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.