Weaknesses of type CWE-77

2,524 results
CVE-2026-5176MEDIUMTotolink A3300R cstecgi.cgi setSyslogCfg command injectionEPSS 1.9%CVE-2025-59689MEDIUMLibraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been releaseEPSS 1.9%KEVCVE-2025-22949CRITICALTenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execEPSS 1.9%CVE-2026-5463CRITICALCommand injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newlinEPSS 1.9%CVE-2022-20801MEDIUMCisco Small Business RV Series Routers Command Injection VulnerabilitiesEPSS 1.9%CVE-2026-3696MEDIUMTotolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injectionEPSS 1.9%CVE-2025-4076MEDIUMLB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injectionEPSS 1.9%CVE-2023-24160CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg funEPSS 1.9%CVE-2023-24161CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx fEPSS 1.9%CVE-2023-24159CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg funEPSS 1.9%CVE-2023-24138CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost EPSS 1.9%CVE-2023-26848CRITICALTOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStatEPSS 1.9%CVE-2023-27232CRITICALTOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /settingEPSS 1.9%CVE-2023-24236CRITICALTOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/deEPSS 1.9%CVE-2023-24276CRITICALTOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delEPSS 1.9%CVE-2023-24238CRITICALTOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaEPSS 1.9%CVE-2023-26978CRITICALTOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /settingEPSS 1.9%CVE-2023-24146CRITICALTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg fuEPSS 1.9%CVE-2025-3546HIGHH3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injectionEPSS 1.9%CVE-2026-9454CRITICALTotolink A8000RU Web Management cstecgi.cgi setOpenVpnCertGenerationCfg os command injectionEPSS 1.9%