Total
4644 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37076 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | |||||
| CVE-2022-37070 | 1 H3c | 2 Gr-1200w, Gr-1200w Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |||||
| CVE-2022-36962 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | |||||
| CVE-2022-36926 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 8.8 HIGH |
| Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | |||||
| CVE-2022-36779 | 2 Advice, Proscend | 18 Icr 111wg, Icr 111wg Firmware, M301-g and 15 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301 | |||||
| CVE-2022-36749 | 1 Sourcefabric | 1 Rpi-jukebox-rfid | 2024-11-21 | N/A | 9.8 CRITICAL |
| RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file. | |||||
| CVE-2022-36633 | 1 Goteleport | 1 Teleport | 2024-11-21 | N/A | 8.8 HIGH |
| Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload. | |||||
| CVE-2022-36566 | 1 Yogeshojha | 1 Rengine | 2024-11-21 | N/A | 9.8 CRITICAL |
| Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. | |||||
| CVE-2022-36487 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | |||||
| CVE-2022-36486 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | |||||
| CVE-2022-36485 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | |||||
| CVE-2022-36481 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg. | |||||
| CVE-2022-36479 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | |||||
| CVE-2022-36461 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | |||||
| CVE-2022-36460 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | |||||
| CVE-2022-36459 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | |||||
| CVE-2022-36458 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | |||||
| CVE-2022-36456 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | |||||
| CVE-2022-36455 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | |||||
| CVE-2022-36381 | 1 Nintendo | 2 Wi-fi Network Adaptor Wap 001, Wi-fi Network Adaptor Wap 001 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | |||||