Total: 5311 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29472 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. |
| CVE-2022-29337 | 1 Cdatatec | 2 Fd702xw-x-r430, Fd702xw-x-r430 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request. |
| CVE-2022-29256 | 1 Sharp Project | 1 Sharp | 2024-11-21 | 4.6 MEDIUM | 6.5 MEDIUM |
| sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` environment variable in a build environment then they might be able to use this to inject an arbitrary command at `npm install` time. This is not part of any runtime code, does not affect Windows users ... |
| CVE-2022-29080 | 1 Npm-dependency-versions Project | 1 Npm-dependency-versions | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. |
| CVE-2022-29061 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 7.2 HIGH |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests. |
| CVE-2022-29013 | 1 Razer | 2 Sila, Sila Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. |
| CVE-2022-28915 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. |
| CVE-2022-28913 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. |
| CVE-2022-28912 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. |
| CVE-2022-28911 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. |
| CVE-2022-28910 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. |
| CVE-2022-28909 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. |
| CVE-2022-28908 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. |
| CVE-2022-28907 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. |
| CVE-2022-28906 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. |
| CVE-2022-28905 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. |
| CVE-2022-28901 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. |
| CVE-2022-28896 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. |
| CVE-2022-28895 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. |
| CVE-2022-28888 | 1 Spryker | 1 Cloud Commerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Spryker Commerce OS 1.4.2 allows Remote Command Execution. |
| CVE-2022-28811 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands. |
| CVE-2022-28584 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. |
| CVE-2022-28583 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. |
| CVE-2022-28582 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. |
| CVE-2022-28581 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. |
| CVE-2022-28580 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. |
| CVE-2022-28579 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. |
| CVE-2022-28578 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. |
| CVE-2022-28577 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. |
| CVE-2022-28575 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload. |
| CVE-2022-28573 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. |
| CVE-2022-28572 | 1 Tenda | 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in the `SetIPv6Status` function. |
| CVE-2022-28571 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 5.8 MEDIUM | 9.8 CRITICAL |
| D-Link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in `/usr/bin/cli`. |
| CVE-2022-28557 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a command injection vulnerability at the /goform/setsambacfg interface of the Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also be combined with CVE-2021-44971 to cause unconditional arbitrary command execution. |
| CVE-2022-28494 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28491 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28375 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root. |
| CVE-2022-28374 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/admin/settings.lua to achieve remote code execution as root. |
| CVE-2022-28373 | 1 Verizon | 2 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code execution as root. |
| CVE-2022-28171 | 1 Hikvision | 22 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 19 more | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability: due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. |