Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37718 | 1 Edgenexus | 1 Application Delivery Controller | 2023-08-08 | N/A | 8.8 HIGH |
| The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an unauthenticated context via unspecified vectors | |||||
| CVE-2022-25060 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. | |||||
| CVE-2022-46476 | 1 Dlink | 2 Dir-859 A1, Dir-859 A1 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. | |||||
| CVE-2022-28579 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-45506 | 1 Tenda | 2 W30e, W30e Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. | |||||
| CVE-2022-47210 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. | |||||
| CVE-2022-25438 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. | |||||
| CVE-2022-24431 | 1 Abacus-ext-cmdline Project | 1 Abacus-ext-cmdline | 2023-08-08 | N/A | 9.8 CRITICAL |
| All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization. | |||||
| CVE-2022-36749 | 1 Sourcefabric | 1 Rpi-jukebox-rfid | 2023-08-08 | N/A | 9.8 CRITICAL |
| RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file. | |||||
| CVE-2022-33941 | 1 Alfasado | 1 Powercms | 2023-08-08 | N/A | 9.8 CRITICAL |
| PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as follows: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), and PowerCMS 4.51 and earlier (PowerCMS 4 Series). Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. | |||||
| CVE-2022-25082 | 1 Totolink | 2 A950rg, A950rg Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-28911 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. | |||||
| CVE-2022-28494 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-23900 | 1 Wavlink | 2 Wl-wn531p3, Wl-wn531p3 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi. | |||||
| CVE-2022-38308 | 1 Totolink | 2 A7000ru, A7000ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. | |||||
| CVE-2022-36633 | 1 Goteleport | 1 Teleport | 2023-08-08 | N/A | 8.8 HIGH |
| Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload. | |||||
| CVE-2022-29080 | 1 Npm-dependency-versions Project | 1 Npm-dependency-versions | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. | |||||
| CVE-2022-28910 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. | |||||
| CVE-2022-38511 | 1 Totolink | 2 A810r, A810r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. | |||||
| CVE-2022-28915 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | |||||