Total
798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31874 | 1 Asus | 2 Rt-n53, Rt-n53 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. | |||||
| CVE-2022-29842 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119. | |||||
| CVE-2022-29712 | 1 Librenms | 1 Librenms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. | |||||
| CVE-2022-28618 | 1 Hpe | 4 Nimble Storage All Flash Arrays, Nimble Storage Hybrid Flash Arrays, Nimble Storage Secondary Flash Arrays and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
| CVE-2022-28497 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-28496 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-27588 | 1 Qnap | 1 Qvr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later | |||||
| CVE-2022-27083 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. | |||||
| CVE-2022-27082 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. | |||||
| CVE-2022-27081 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. | |||||
| CVE-2022-27080 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. | |||||
| CVE-2022-27079 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. | |||||
| CVE-2022-27078 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. | |||||
| CVE-2022-27077 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. | |||||
| CVE-2022-27076 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. | |||||
| CVE-2022-27002 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-27001 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-27000 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26999 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26998 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||