Total
3597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36481 | 1 Totolink | 2 N350rt, N350rt Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg. | |||||
| CVE-2022-29013 | 1 Razer | 2 Sila, Sila Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. | |||||
| CVE-2022-48122 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. | |||||
| CVE-2022-28583 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-37893 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2023-08-08 | N/A | 7.8 HIGH |
| An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | |||||
| CVE-2022-25083 | 1 Totolink | 2 A860r, A860r Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-28910 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. | |||||
| CVE-2022-28572 | 1 Tenda | 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function | |||||
| CVE-2022-25075 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-31311 | 1 Wavlink | 2 Aerial X 1200m, Aerial X 1200m Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. | |||||
| CVE-2022-48108 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-23389 | 1 Publiccms | 1 Publiccms | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. | |||||
| CVE-2022-47853 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. | |||||
| CVE-2022-45043 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. | |||||
| CVE-2022-34527 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. | |||||
| CVE-2022-28915 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | |||||
| CVE-2022-38531 | 1 Fpt | 4 G-97rg3, G-97rg3 Firmware, G-97rg6m and 1 more | 2023-08-08 | N/A | 8.8 HIGH |
| FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the ping function. | |||||
| CVE-2022-36459 | 1 Totolink | 2 A3700r, A3700r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | |||||
| CVE-2022-28571 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-08-08 | 5.8 MEDIUM | 9.8 CRITICAL |
| D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. | |||||
| CVE-2022-34596 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | |||||