Total
798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26997 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26996 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26995 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26536 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. | |||||
| CVE-2022-26189 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. | |||||
| CVE-2022-26188 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. | |||||
| CVE-2022-26187 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. | |||||
| CVE-2022-26186 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. | |||||
| CVE-2022-25137 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-25136 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-25135 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-25134 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-25133 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-25132 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-25131 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-25130 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-24171 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters. | |||||
| CVE-2022-24170 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters. | |||||
| CVE-2022-24168 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters. | |||||
| CVE-2022-24167 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter. | |||||