Total
3872 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26290 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. | |||||
| CVE-2022-26289 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. | |||||
| CVE-2022-26265 | 1 Contao | 1 Contao | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. | |||||
| CVE-2022-26258 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | |||||
| CVE-2022-26214 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter. | |||||
| CVE-2022-26213 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26212 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26211 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26210 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26209 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26208 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26207 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26206 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26147 | 1 Quectel | 2 Rg502q-ea, Rg502q-ea Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection. | |||||
| CVE-2022-26085 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-26075 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26042 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26007 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-25912 | 1 Simple-git Project | 1 Simple-git | 2024-11-21 | N/A | 8.1 HIGH |
| The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). | |||||
| CVE-2022-25906 | 1 Is-http2 Project | 1 Is-http2 | 2024-11-21 | N/A | 7.4 HIGH |
| All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. | |||||