Total
3597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46476 | 1 Dlink | 2 Dir-859 A1, Dir-859 A1 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. | |||||
| CVE-2022-29080 | 1 Npm-dependency-versions Project | 1 Npm-dependency-versions | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. | |||||
| CVE-2022-37070 | 1 H3c | 2 Gr-1200w, Gr-1200w Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |||||
| CVE-2022-36458 | 1 Totolink | 2 A3700r, A3700r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | |||||
| CVE-2022-28896 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-36487 | 1 Totolink | 2 N350rt, N350rt Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | |||||
| CVE-2022-47208 | 1 Netgear | 12 Nighthawk Ax11000, Nighthawk Ax11000 Firmware, Nighthawk Ax1800 and 9 more | 2023-08-08 | N/A | 8.8 HIGH |
| The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. | |||||
| CVE-2022-28581 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-45506 | 1 Tenda | 2 W30e, W30e Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. | |||||
| CVE-2022-25079 | 1 Totolink | 1 A810r Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-28911 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. | |||||
| CVE-2022-26258 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | |||||
| CVE-2022-28579 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-28374 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/admin/settings.lua to achieve remote code execution as root. | |||||
| CVE-2022-37878 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-08-08 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-32054 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter. | |||||
| CVE-2022-45497 | 1 Tenda | 2 W6-s, W6-s Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. | |||||
| CVE-2021-27561 | 1 Yealink | 1 Device Management | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. | |||||
| CVE-2022-28901 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-48125 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. | |||||