Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36459 | 1 Totolink | 2 A3700r, A3700r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | |||||
| CVE-2022-46598 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function. | |||||
| CVE-2022-29539 | 1 Resi | 1 Gemini-net | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user. | |||||
| CVE-2022-25083 | 1 Totolink | 2 A860r, A860r Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-28583 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-25081 | 1 Totolink | 2 T10 V2, T10 V2 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-34538 | 1 Dw | 2 Megapix, Megapix Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi. This vulnerability is exploitable via a crafted POST request. | |||||
| CVE-2022-28557 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution | |||||
| CVE-2022-28572 | 1 Tenda | 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function | |||||
| CVE-2022-37860 | 1 Tp-link | 2 M7350, M7350 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. | |||||
| CVE-2022-48123 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. | |||||
| CVE-2022-34539 | 1 Dw | 2 Megapix, Megapix Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/curltest.cgi. This vulnerability is exploitable via a crafted POST request. | |||||
| CVE-2022-37079 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | |||||
| CVE-2022-46597 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | |||||
| CVE-2022-34595 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | |||||
| CVE-2022-28578 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-37810 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. | |||||
| CVE-2022-30023 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. | |||||
| CVE-2022-28584 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-36479 | 1 Totolink | 2 N350rt, N350rt Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | |||||