Total
4255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36486 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | |||||
| CVE-2022-36485 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | |||||
| CVE-2022-36481 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg. | |||||
| CVE-2022-36479 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | |||||
| CVE-2022-36461 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | |||||
| CVE-2022-36460 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | |||||
| CVE-2022-36459 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | |||||
| CVE-2022-36458 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | |||||
| CVE-2022-36456 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | |||||
| CVE-2022-36455 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | |||||
| CVE-2022-36381 | 1 Nintendo | 2 Wi-fi Network Adaptor Wap 001, Wi-fi Network Adaptor Wap 001 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2022-36309 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-36273 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. | |||||
| CVE-2022-35849 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 7.8 HIGH |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
| CVE-2022-35845 | 1 Fortinet | 1 Fortitester | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell. | |||||
| CVE-2022-35844 | 1 Fortinet | 1 Fortitester | 2024-11-21 | N/A | 6.7 MEDIUM |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. | |||||
| CVE-2022-35555 | 1 Tenda | 2 W6, W6 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. | |||||
| CVE-2022-35273 | 1 Allied-telesis | 2 Centrecom Ar260s, Centrecom Ar260s Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. | |||||
| CVE-2022-34883 | 3 Docker, Hitachi, Microsoft | 3 Docker, Raid Manager Storage Replication Adapter, Windows | 2024-11-21 | N/A | 7.2 HIGH |
| OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | |||||
| CVE-2022-34850 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||