Total
3597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34597 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | |||||
| CVE-2022-25438 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. | |||||
| CVE-2022-28907 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. | |||||
| CVE-2022-46631 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. | |||||
| CVE-2022-37081 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. | |||||
| CVE-2022-37056 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | |||||
| CVE-2022-37076 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | |||||
| CVE-2022-25061 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. | |||||
| CVE-2022-37718 | 1 Edgenexus | 1 Application Delivery Controller | 2023-08-08 | N/A | 8.8 HIGH |
| The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an unauthenticated context via unspecified vectors | |||||
| CVE-2022-36456 | 1 Totolink | 2 A720r, A720r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | |||||
| CVE-2022-38308 | 1 Totolink | 2 A7000ru, A7000ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. | |||||
| CVE-2022-28557 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution | |||||
| CVE-2022-28582 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-37082 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. | |||||
| CVE-2022-36510 | 1 H3c | 2 Gr2200, Gr2200 Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |||||
| CVE-2022-29539 | 1 Resi | 1 Gemini-net | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user. | |||||
| CVE-2022-31446 | 1 Tendacn | 2 Ac18, Ac18 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. | |||||
| CVE-2022-28908 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. | |||||
| CVE-2022-28578 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-45699 | 1 Apsystems | 2 Ecu-r, Ecu-r Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. | |||||