ReportizFlow
Filtered by vendor
Subscriptions
Total
5432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36455 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 7.8 High |
| TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | ||||
| CVE-2022-36381 | 1 Nintendo | 2 Wi-fi Network Adaptor Wap 001, Wi-fi Network Adaptor Wap 001 Firmware | 2024-11-21 | 7.2 High |
| OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2022-36309 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | 8.8 High |
| Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | ||||
| CVE-2022-36273 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. | ||||
| CVE-2022-35845 | 1 Fortinet | 1 Fortitester | 2024-11-21 | 7.6 High |
| Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell. | ||||
| CVE-2022-35844 | 1 Fortinet | 1 Fortitester | 2024-11-21 | 6.7 Medium |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. | ||||
| CVE-2022-35555 | 1 Tenda | 2 W6, W6 Firmware | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. | ||||
| CVE-2022-35273 | 1 Allied-telesis | 2 Centrecom Ar260s, Centrecom Ar260s Firmware | 2024-11-21 | 8.8 High |
| OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. | ||||
| CVE-2022-34769 | 1 Rashim | 1 Michlol | 2024-11-21 | 6.3 Medium |
| Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then the attacker can access sensitive data that he not supposed to access because its belong to another user. | ||||
| CVE-2022-34753 | 1 Schneider-electric | 2 Spacelogic C-bus Home Controller, Spacelogic C-bus Home Controller Firmware | 2024-11-21 | 8.8 High |
| A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller (5200WHC2), formerly known as C-Bus Wiser Homer Controller MK2 (V1.31.460 and prior) | ||||
| CVE-2022-34597 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | ||||
| CVE-2022-34596 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | ||||
| CVE-2022-34595 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | ||||
| CVE-2022-34540 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | 8.8 High |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/license/license_tok.cgi. This vulnerability is exploitable via a crafted POST request. | ||||
| CVE-2022-34539 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | 8.8 High |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/curltest.cgi. This vulnerability is exploitable via a crafted POST request. | ||||
| CVE-2022-34538 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | 8.8 High |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi. This vulnerability is exploitable via a crafted POST request. | ||||
| CVE-2022-34527 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | 8.8 High |
| D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. | ||||
| CVE-2022-34383 | 1 Dell | 2 Edge Gateway 5200, Edge Gateway 5200 Firmware | 2024-11-21 | 8.1 High |
| Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. | ||||
| CVE-2022-34374 | 1 Dell | 1 Container Storage Modules | 2024-11-21 | 8.8 High |
| Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system. | ||||
| CVE-2022-33955 | 1 Ibm | 1 Cics Tx | 2024-11-21 | 6.8 Medium |
| IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312. | ||||