Total
5311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28055 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
|
|||||
| CVE-2022-27947 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.
|
|||||
| CVE-2022-27946 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.
|
|||||
| CVE-2022-27945 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.
|
|||||
| CVE-2022-27903 | 1 Eve-ng | 1 Eve-ng | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files.
|
|||||
| CVE-2022-27811 | 1 Gnome | 1 Ocrfeeder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
|
|||||
| CVE-2022-27804 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An os command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2022-27647 | 1 Netgear | 66 Cax80, Cax80 Firmware, Lax20 and 63 more | 2024-11-21 | N/A | 8.0 HIGH |
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An a ...
Show More |
|||||
| CVE-2022-27489 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2024-11-21 | N/A | 7.2 HIGH |
|
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
|
|||||
| CVE-2022-27483 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A | 7.2 HIGH |
|
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.
|
|||||
| CVE-2022-27482 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 7.8 HIGH |
|
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands.
|
|||||
| CVE-2022-27373 | 1 Phicomm | 2 Fir303b, Fir303b Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function.
|
|||||
| CVE-2022-27276 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet.
|
|||||
| CVE-2022-27275 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet.
|
|||||
| CVE-2022-27274 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet.
|
|||||
| CVE-2022-27273 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet.
|
|||||
| CVE-2022-27272 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet.
|
|||||
| CVE-2022-27271 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet.
|
|||||
| CVE-2022-27270 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet.
|
|||||
| CVE-2022-27269 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet.
|
|||||
| CVE-2022-27268 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet.
|
|||||
| CVE-2022-27224 | 1 Galsys | 2 Nts-6002-gps, Nts-6002-gps Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address).
|
|||||
| CVE-2022-27188 | 1 Yokogawa | 2 B\/m9000 Vp, Centum Vp | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder.
|
|||||
| CVE-2022-27005 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
|
|||||
| CVE-2022-27004 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
|
|||||
| CVE-2022-27003 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
|
|||||
| CVE-2022-26994 | 1 Arris | 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
|
|||||
| CVE-2022-26993 | 1 Arris | 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
|
|||||
| CVE-2022-26992 | 1 Arris | 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
|
|||||
| CVE-2022-26991 | 1 Arris | 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
|
|||||
| CVE-2022-26990 | 1 Arris | 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
|
|||||
| CVE-2022-26868 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-11-21 | 7.2 HIGH | 6.4 MEDIUM |
|
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.
|
|||||
| CVE-2022-26670 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
|
D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service.
|
|||||
| CVE-2022-26582 | 1 Paxtechnology | 2 A930, Paydroid | 2024-11-21 | N/A | 7.8 HIGH |
|
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability.
|
|||||
| CVE-2022-26580 | 1 Paxtechnology | 2 A930, Paydroid | 2024-11-21 | N/A | 6.8 MEDIUM |
|
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability.
|
|||||
| CVE-2022-26532 | 1 Zyxel | 130 Atp100, Atp100 Firmware, Atp100w and 127 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and e ...
Show More |
|||||
| CVE-2022-26518 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
|
|||||
| CVE-2022-26482 | 1 Poly | 2 Eagleeye Director Ii, Eagleeye Director Ii Firmware | 2024-11-21 | N/A | 7.2 HIGH |
|
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.
|
|||||
| CVE-2022-26481 | 1 Poly | 8 G7500, G7500 Firmware, Studio X30 and 5 more | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action.
|
|||||
| CVE-2022-26420 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
|
|||||