Total
3852 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45005 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function. | |||||
| CVE-2022-44930 | 1 Dlink | 2 Dhp-w310av, Dhp-w310av Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | |||||
| CVE-2022-44928 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | |||||
| CVE-2022-44877 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A | 9.8 CRITICAL |
| login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. | |||||
| CVE-2022-44844 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. | |||||
| CVE-2022-44843 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. | |||||
| CVE-2022-44808 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. | |||||
| CVE-2022-44720 | 1 Ucopia | 2 Wireless Appliance, Wireless Appliance Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot. | |||||
| CVE-2022-44606 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | |||||
| CVE-2022-44567 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A | 9.8 CRITICAL |
| A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the vulnerability, the internal video chat window must be disabled or a Mac App Store build must be used (internalVideoChatWindow.ts#L14). The vulnerability may be exploited by an XSS attack because the function openInternalVideoChatWindow is exposed in the Rocket.Chat-Desktop-API. | |||||
| CVE-2022-44456 | 1 Contec | 1 Conprosys Hmi System | 2024-11-21 | N/A | 9.8 CRITICAL |
| CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | |||||
| CVE-2022-44252 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | |||||
| CVE-2022-44251 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | |||||
| CVE-2022-44250 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | |||||
| CVE-2022-44249 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | |||||
| CVE-2022-44201 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. | |||||
| CVE-2022-44149 | 1 Nexxtsolutions | 2 Amp300, Amp300 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required | |||||
| CVE-2022-44019 | 1 Totaljs | 1 Total.js | 2024-11-21 | N/A | 8.8 HIGH |
| In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. | |||||
| CVE-2022-43973 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root. | |||||
| CVE-2022-43971 | 1 Linksys | 2 Wumc710, Wumc710 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root. | |||||