Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34597 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | |||||
| CVE-2022-23935 | 1 Exiftool Project | 1 Exiftool | 2023-08-08 | 7.6 HIGH | 7.8 HIGH |
| lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection. | |||||
| CVE-2022-28575 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload | |||||
| CVE-2022-24441 | 1 Snyk | 3 Snyk Cli, Snyk Language Server, Snyk Security | 2023-08-08 | N/A | 8.8 HIGH |
| The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require some level of social engineering - to coerce an untrusted project to be downloaded and analyzed via the Snyk CLI or opened in an IDE where a Snyk IDE plugin is installed and enabled. Additionally, if the IDE has a Trust feature then the target folder must be marked as ‘trusted’ in order to be vulnerable. **NOTE:** This issue is independent of the one reported in [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342), and upgrading to a fixed version for this addresses that issue as well. The affected IDE plugins and versions are: - VS Code - Affected: <=1.8.0, Fixed: 1.9.0 - IntelliJ - Affected: <=2.4.47, Fixed: 2.4.48 - Visual Studio - Affected: <=1.1.30, Fixed: 1.1.31 - Eclipse - Affected: <=v20221115.132308, Fixed: All subsequent versions - Language Server - Affected: <=v20221109.114426, Fixed: All subsequent versions | |||||
| CVE-2022-29013 | 1 Razer | 2 Sila, Sila Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. | |||||
| CVE-2022-37056 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | |||||
| CVE-2022-31446 | 1 Tendacn | 2 Ac18, Ac18 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. | |||||
| CVE-2022-36481 | 1 Totolink | 2 N350rt, N350rt Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg. | |||||
| CVE-2022-25064 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. | |||||
| CVE-2022-37081 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. | |||||
| CVE-2022-28896 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-25075 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-37057 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. | |||||
| CVE-2022-25084 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-28895 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-36487 | 1 Totolink | 2 N350rt, N350rt Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | |||||
| CVE-2022-28905 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. | |||||
| CVE-2022-34596 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | |||||
| CVE-2022-28913 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. | |||||
| CVE-2022-31311 | 1 Wavlink | 2 Aerial X 1200m, Aerial X 1200m Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. | |||||