CWE-77: Command Injection

CVE-2022-26997 is a critical command injection vulnerability in Arris TR3300 routers that allows attackers to execute arbitrary system commands via th...

The Arris TR3300 router contains a command injection vulnerability in its static IP configuration function. Attackers can execute arbitrary system com...

CVE-2022-27001 is a critical command injection vulnerability in Arris TR3300 routers that allows attackers to execute arbitrary system commands via th...

CVE-2022-26995 is a critical command injection vulnerability in Arris TR3300 routers that allows attackers to execute arbitrary system commands via cr...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code as root on TP-Link Tapo C200 IP cameras. It affects cameras runni...

This vulnerability in Honeywell HDZP252DI and HBW2PER1 devices allows attackers to perform ARP cache poisoning, enabling video replay attacks. Attacke...

This CVE describes a command injection vulnerability in TOTOLINK router firmware that allows attackers to execute arbitrary commands via crafted MQTT ...

This is a critical command injection vulnerability in TOTOLINK T6 routers that allows attackers to execute arbitrary commands on affected devices by s...

This is a critical command injection vulnerability in TOTOLINK T6 router firmware that allows attackers to execute arbitrary commands via crafted MQTT...

This CVE describes a command injection vulnerability in TOTOLINK router firmware that allows attackers to execute arbitrary commands via crafted MQTT ...

This CVE describes a command injection vulnerability in Tenda AC10U routers that allows remote attackers to execute arbitrary commands with root privi...

This CVE describes a command injection vulnerability in Tenda G1 and G3 routers that allows attackers to execute arbitrary commands via specific param...

CVE-2022-24148 is a critical command injection vulnerability in Tenda AX3 routers that allows attackers to execute arbitrary system commands via the d...

This vulnerability allows remote attackers to execute arbitrary commands on Tenda AX3 routers via command injection in the remoteIp parameter. Attacke...

This vulnerability allows remote attackers to execute arbitrary commands on Tenda G1 and G3 routers by injecting malicious commands into the qvlanIP p...

This vulnerability allows remote attackers to execute arbitrary commands on Tenda G1 and G3 routers via the dmzHost1 parameter in the formSetDMZ funct...

This CVE describes a command injection vulnerability in D-Link DIR-882 routers that allows attackers to execute arbitrary commands via crafted HNAP1 P...

This CVE describes a command injection vulnerability in D-Link DI-7200GV2.E1 routers that allows attackers to execute arbitrary commands via specific ...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DI-7200GV2.E1 routers via command injection in the usb_paswd.asp fu...

This vulnerability in D-Link DI-7200GV2.E1 routers allows attackers to execute arbitrary operating system commands via the url_en parameter in the url...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DI-7200GV2.E1 routers via command injection in the msp_info.htm fun...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-823-Pro routers via command injection in the SetStaticRouteSett...

This vulnerability allows attackers to execute arbitrary commands on D-Link DIR-823-Pro routers via the station_access_enable parameter in the SetStat...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-823-Pro routers via command injection in the samba_name paramet...

CVE-2022-24144 is a critical command injection vulnerability in Tenda AX3 routers that allows attackers to execute arbitrary system commands by manipu...

This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X5000R routers by injecting malicious commands into the NTPSyncWi...

This critical vulnerability in TOTOLINK X5000R routers allows attackers to execute arbitrary system commands through the firmware upload function. Att...

This CVE describes a command injection vulnerability in TOTOLINK A720R routers that allows attackers to execute arbitrary commands via the QUERY_STRIN...

This vulnerability allows remote attackers to execute arbitrary commands on Tenda G1 and G3 routers by injecting malicious commands into the pic_name ...

This CVE describes a command injection vulnerability in Totolink router firmware that allows attackers to execute arbitrary commands via the IpFrom pa...

This vulnerability allows remote attackers to execute arbitrary commands on affected D-Link DIR-882 routers via a crafted HNAP1 POST request to the tw...

This vulnerability allows remote attackers to execute arbitrary commands on Moxa TN-5900 secure routers through command injection in the firmware. Att...

This CVE describes a command injection vulnerability in the embedded web server of Lexmark devices. Attackers can execute arbitrary commands on affect...

CVE-2021-33963 is a command injection vulnerability in China Mobile An Lianbao WF-1 routers that allows remote attackers to execute arbitrary commands...

Apache Kylin 4.0.0 contains a command injection vulnerability in DiagnosisService where improper validation of project names allows attackers to execu...

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on TOTOLINK EX200 routers by injecting malicious parameters i...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on affected NETGEAR devices via command injection. It affects multip...

CVE-2021-43113 is a command injection vulnerability in iTextPDF that allows attackers to execute arbitrary commands on the server by manipulating Ghos...

This critical vulnerability in Digi TransPort devices allows remote attackers with knowledge of the ZING protocol to execute arbitrary commands with S...

This vulnerability allows remote attackers to execute arbitrary commands on Zoho ManageEngine Network Configuration Manager servers due to improper in...

CVE-2021-44079 is a command injection vulnerability in Wazuh's wazuh-slack active response script that allows remote code execution by passing untrust...

CVE-2021-41744 is a critical command injection vulnerability in Yongyou PLM software that allows unauthenticated attackers to execute arbitrary comman...

The shell-quote package for Node.js has a command injection vulnerability due to incorrect regex character class {A-z] instead of {A-Za-z] for Windows...

CVE-2021-42094 is a command injection vulnerability in Zammad that allows attackers to execute arbitrary commands on the server via custom Packages. T...

This vulnerability allows remote attackers to execute arbitrary code on Micro Focus ArcSight ESM systems without authentication. It affects all ArcSig...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on Edgecore ECS2020 devices by sending specially crafted HTTP reques...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on Zoho ManageEngine Desktop Central servers. It affects organizatio...

This vulnerability allows remote attackers to execute arbitrary commands with administrator privileges on Xiaomi AX3600 routers. Attackers can exploit...

CVE-2020-18048 is a command injection vulnerability in CraigMS 1.0 that allows attackers to execute arbitrary commands on the server by entering malic...

This CVE describes a command injection vulnerability in Apache Zeppelin's Spark interpreter settings that allows authenticated users to execute arbitr...