Vulnerabilities (CVE)

Filtered by CWE-78
Total 4643 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28905 1 Totolink 2 N600r, N600r Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.
CVE-2022-28901 1 Dlink 2 Dir-882, Dir-882 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28896 1 Dlink 2 Dir-882, Dir-882 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28895 1 Dlink 2 Dir-882, Dir-882 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28888 1 Spryker 1 Cloud Commerce 2024-11-21 7.5 HIGH 9.8 CRITICAL
Spryker Commerce OS 1.4.2 allows Remote Command Execution.
CVE-2022-28811 1 Gavazziautomation 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware 2024-11-21 N/A 9.8 CRITICAL
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.
CVE-2022-28584 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28583 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28582 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28581 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28580 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28579 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28578 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28577 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28575 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload
CVE-2022-28573 1 Dlink 2 Dir-823 Pro, Dir-823 Pro Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter.
CVE-2022-28572 1 Tenda 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more 2024-11-21 6.5 MEDIUM 8.8 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function
CVE-2022-28571 1 Dlink 2 Dir-882, Dir-882 Firmware 2024-11-21 5.8 MEDIUM 9.8 CRITICAL
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli.
CVE-2022-28557 1 Tenda 2 Ac15, Ac15 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
CVE-2022-28494 1 Totolink 2 Cp900, Cp900 Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.