ReportizFlow
Filtered by vendor
Subscriptions
Total
5432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28583 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 9.8 Critical |
| It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | ||||
| CVE-2022-28582 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 9.8 Critical |
| It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | ||||
| CVE-2022-28581 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 9.8 Critical |
| It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | ||||
| CVE-2022-28580 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 9.8 Critical |
| It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | ||||
| CVE-2022-28579 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 9.8 Critical |
| It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | ||||
| CVE-2022-28578 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 9.8 Critical |
| It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | ||||
| CVE-2022-28577 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 9.8 Critical |
| It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | ||||
| CVE-2022-28575 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 9.8 Critical |
| It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload | ||||
| CVE-2022-28573 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. | ||||
| CVE-2022-28572 | 1 Tenda | 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more | 2024-11-21 | 8.8 High |
| Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function | ||||
| CVE-2022-28571 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 9.8 Critical |
| D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. | ||||
| CVE-2022-28557 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 9.8 Critical |
| There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution | ||||
| CVE-2022-28375 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2024-11-21 | 9.8 Critical |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root, | ||||
| CVE-2022-28374 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2024-11-21 | 8.8 High |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/admin/settings.lua to achieve remote code execution as root. | ||||
| CVE-2022-28373 | 1 Verizon | 2 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware | 2024-11-21 | 9.8 Critical |
| Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code execution as root. | ||||
| CVE-2022-28171 | 1 Hikvision | 22 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 19 more | 2024-11-21 | 7.5 High |
| The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. | ||||
| CVE-2022-28055 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 9.8 Critical |
| Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. | ||||
| CVE-2022-27947 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. | ||||
| CVE-2022-27946 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. | ||||
| CVE-2022-27945 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. | ||||