Total
4643 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28905 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. | |||||
CVE-2022-28901 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
CVE-2022-28896 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
CVE-2022-28895 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
CVE-2022-28888 | 1 Spryker | 1 Cloud Commerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Spryker Commerce OS 1.4.2 allows Remote Command Execution. | |||||
CVE-2022-28811 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands. | |||||
CVE-2022-28584 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28583 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28582 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28581 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28580 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28579 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28578 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28577 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28575 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload | |||||
CVE-2022-28573 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. | |||||
CVE-2022-28572 | 1 Tenda | 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function | |||||
CVE-2022-28571 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 5.8 MEDIUM | 9.8 CRITICAL |
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. | |||||
CVE-2022-28557 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution | |||||
CVE-2022-28494 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |