CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1153

1153 vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-4010	Arbitrary Command Injection in Netcom NTC-6200 & NWL-222 — NTC 6200	8.8^AI	High^AI	2025-06-02
CVE-2025-48492	GetSimple CMS RCE in Edit component — GetSimpleCMS-CE	8.8^AI	High^AI	2025-05-30
CVE-2025-4009	Unauthenticated Arbitrary Command Injection in Evertz SDVN — 3080ipx-10G	9.8^AI	Critical^AI	2025-05-28
CVE-2025-5147	Netcore NBR1005GPEV2/NBR200V2/B6V2 network_tools tools_ping command injection — NBR1005GPEV2	6.3	Medium	2025-05-25
CVE-2025-5146	Netcore NBR200V2 HTTP Header routerd passwd_set command injection — NBR1005GPEV2	6.3	Medium	2025-05-25
CVE-2025-5145	Netcore POWER13 Query String cgi-bin command injection — NBR1005GPEV2	6.3	Medium	2025-05-25
CVE-2025-5139	Qualitor Office 365-type Connection testaConexaoOffice365.php command injection — Qualitor	5.6	Medium	2025-05-25
CVE-2025-5126	Teledyne FLIR AX8 settingsregional.php setDataTime command injection — AX8	8.8	High	2025-05-24
CVE-2025-20258	Cisco Duo 命令注入漏洞 — Cisco Duo	5.4	Medium	2025-05-21
CVE-2025-4008	Arbitrary Command Injection in Smartbedded MeteoBridge — MeteoBridge	9.8^AI	Critical^AI	2025-05-21
CVE-2025-5000	Linksys FGW3000-AH/FGW3000-HK HTTP POST Request sysconf.cgi control_panel_sw command injection — FGW3000-AH	6.3	Medium	2025-05-20
CVE-2025-4999	Linksys FGW3000-AH/FGW3000-HK HTTP POST Request sysconf.cgi sub_4153FC command injection — FGW3000-AH	6.3	Medium	2025-05-20
CVE-2025-4851	TOTOLINK N300RH cstecgi.cgi setUploadUserData command injection — N300RH	6.3	Medium	2025-05-18
CVE-2025-4850	TOTOLINK N300RH cstecgi.cgi setUnloadUserData command injection — N300RH	6.3	Medium	2025-05-18
CVE-2025-4849	TOTOLINK N300RH cstecgi.cgi CloudACMunualUpdateUserdata command injection — N300RH	6.3	Medium	2025-05-18
CVE-2025-4747	Bohua NetDragon Firewall ip_status.php command injection — NetDragon Firewall	6.3	Medium	2025-05-16
CVE-2025-4729	TOTOLINK A3002R/A3002RU HTTP POST Request formMapDelDevice command injection — A3002R	6.3	Medium	2025-05-15
CVE-2025-32702	Visual Studio Remote Code Execution Vulnerability — Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)	7.8	High	2025-05-13
CVE-2024-12442	Command injection in EnerSys AMPA versions 24.04 through 24.16, inclusive — AMPA	9.8^AI	Critical^AI	2025-05-09
CVE-2024-11861	Command injection in EnerSys AMPA 22.09 and prior versions — AMPA	7.2^AI	High^AI	2025-05-09
CVE-2025-4454	D-Link DIR-619L wake_on_lan command injection — DIR-619L	6.3	Medium	2025-05-09
CVE-2025-4453	D-Link DIR-619L formSysCmd command injection — DIR-619L	6.3	Medium	2025-05-09
CVE-2025-4445	D-Link DIR-605L wake_on_lan command injection — DIR-605L	6.3	Medium	2025-05-09
CVE-2025-4443	D-Link DIR-605L sub_454F2C command injection — DIR-605L	6.3	Medium	2025-05-08
CVE-2025-31644	Appliance mode BIG-IP iControl REST and tmsh vulnerability — BIG-IP	8.7	High	2025-05-07
CVE-2025-46735	Terraform WinDNS Provider improperly sanitizes input variables in `windns_record` — terraform-provider-windns	8.8^AI	High^AI	2025-05-06
CVE-2025-22476	Dell Storage Manager 命令注入漏洞 — Dell Storage Center - Dell Storage Manager	5.5	Medium	2025-05-06
CVE-2025-4357	Tenda RX3 telnet command injection — RX3	4.7	Medium	2025-05-06
CVE-2025-4350	D-Link DIR-600L wake_on_lan command injection — DIR-600L	8.8	High	2025-05-06
CVE-2025-4349	D-Link DIR-600L formSysCmd command injection — DIR-600L	8.8	High	2025-05-06

Vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) represent 1153 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1153