VYPR

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

ClassDraftLikelihood: High

Description

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76

CVEs mapped to this weakness (1,552)

page 48 of 78
  • CVE-2026-10061MedMay 29, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used.…

  • CVE-2026-10060MedMay 29, 2026
    risk 0.41cvss 6.3epss 0.05

    A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to command injection. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2026-9565MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be…

  • CVE-2026-9534MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack…

  • CVE-2026-9533MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is…

  • CVE-2026-9532MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The…

  • CVE-2026-9531MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried…

  • CVE-2026-9515MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin_version results in os command injection. The attack may…

  • CVE-2026-9514MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.02

    A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/Net…

  • CVE-2026-9513MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.01

    A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. The attack can…

  • CVE-2026-9512MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.01

    A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command…

  • CVE-2026-9511MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the…

  • CVE-2026-9441MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.01

    A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The…

  • CVE-2026-9440MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to…

  • CVE-2026-9439MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed…

  • CVE-2026-9437MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to…

  • CVE-2026-9424MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.01

    A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1…

  • CVE-2026-9402MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argument ateFunc/ateGain/ateRate/ateChan/ateTxCount/e2pTx2Power1/e2pTx2Power2/e2pTx2Po…

  • CVE-2026-9400MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.01

    A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument sub_dir can lead to command injection. It is possible to launch the…

  • CVE-2026-9379MedMay 24, 2026
    risk 0.41cvss 6.3epss 0.01

    A weakness has been identified in Edimax BR-6675nD 1.12. This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler. This manipulation of the argument pinCode causes command injection. The attack can be initiated remotely. The…