CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
ClassDraftLikelihood: High
Description
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76
CVEs mapped to this weakness (1,036)
page 37 of 52| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1066 | Med | 0.41 | 6.3 | 0.00 | Jan 17, 2026 | A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-0732 | Med | 0.41 | 6.3 | 0.00 | Jan 9, 2026 | A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. | |
| CVE-2026-0641 | Med | 0.41 | 6.3 | 0.02 | Jan 6, 2026 | A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | |
| CVE-2026-0581 | Med | 0.41 | 6.3 | 0.01 | Jan 5, 2026 | A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |
| CVE-2025-15391 | Med | 0.41 | 6.3 | 0.00 | Dec 31, 2025 | A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2025-15357 | Med | 0.41 | 6.3 | 0.00 | Dec 30, 2025 | A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. | |
| CVE-2025-15254 | Med | 0.41 | 6.3 | 0.01 | Dec 30, 2025 | A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. | |
| CVE-2025-15192 | Med | 0.41 | 6.3 | 0.00 | Dec 29, 2025 | A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | |
| CVE-2025-15191 | Med | 0.41 | 6.3 | 0.00 | Dec 29, 2025 | A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | |
| CVE-2025-15139 | Med | 0.41 | 6.3 | 0.01 | Dec 28, 2025 | A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-15133 | Med | 0.41 | 6.3 | 0.00 | Dec 28, 2025 | A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure. | |
| CVE-2025-15132 | Med | 0.41 | 6.3 | 0.00 | Dec 28, 2025 | A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure. | |
| CVE-2025-15131 | Med | 0.41 | 6.3 | 0.00 | Dec 28, 2025 | A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure. | |
| CVE-2025-15081 | Med | 0.41 | 6.3 | 0.00 | Dec 25, 2025 | A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub_4780 of the file /jdcapi. Such manipulation of the argument ddns_name leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-14586 | Med | 0.41 | 6.3 | 0.01 | Dec 13, 2025 | A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |
| CVE-2025-14225 | Med | 0.41 | 6.3 | 0.00 | Dec 8, 2025 | A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2025-14208 | Med | 0.41 | 6.3 | 0.00 | Dec 8, 2025 | A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | |
| CVE-2025-14204 | Med | 0.41 | 6.3 | 0.00 | Dec 7, 2025 | A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-14184 | Med | 0.41 | 6.3 | 0.00 | Dec 7, 2025 | A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-1910 | Med | 0.41 | — | 0.00 | Dec 4, 2025 | The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and including 12.11.2. |