Total
3666 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41396 | 1 Tenda | 2 W15e, W15e Firmware | 2024-02-28 | N/A | 7.8 HIGH |
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. | |||||
CVE-2022-38535 | 1 Totolink | 2 A720r, A720r Firmware | 2024-02-28 | N/A | 7.2 HIGH |
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. | |||||
CVE-2022-34595 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | |||||
CVE-2022-39327 | 1 Microsoft | 2 Azure Command-line Interface, Windows | 2024-02-28 | N/A | 9.8 CRITICAL |
Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability. | |||||
CVE-2022-2486 | 1 Wavlink | 4 Wl-wn535k2, Wl-wn535k2 Firmware, Wl-wn535k3 and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-30534 | 1 Wwbn | 1 Avideo | 2024-02-28 | N/A | 8.8 HIGH |
An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-42053 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2024-02-28 | N/A | 7.8 HIGH |
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | |||||
CVE-2021-44171 | 1 Fortinet | 1 Fortios | 2024-02-28 | N/A | 8.0 HIGH |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. | |||||
CVE-2022-37076 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-02-28 | N/A | 7.8 HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | |||||
CVE-2022-36487 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-02-28 | N/A | 7.8 HIGH |
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | |||||
CVE-2022-34596 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | |||||
CVE-2022-30079 | 1 Netgear | 1 R6200 | 2024-02-28 | N/A | 8.8 HIGH |
Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter. | |||||
CVE-2022-33873 | 1 Fortinet | 1 Fortitester | 2024-02-28 | N/A | 9.8 CRITICAL |
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell. | |||||
CVE-2022-20878 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-02-28 | N/A | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
CVE-2022-35132 | 1 Webmin | 1 Usermin | 2024-02-28 | N/A | 8.8 HIGH |
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. | |||||
CVE-2022-31232 | 1 Dell | 1 Smartfabric Storage Software | 2024-02-28 | N/A | 9.8 CRITICAL |
SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | |||||
CVE-2022-37081 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-02-28 | N/A | 7.8 HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. | |||||
CVE-2022-2550 | 1 Hestiacp | 1 Control Panel | 2024-02-28 | N/A | 8.8 HIGH |
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. | |||||
CVE-2022-41395 | 1 Tenda | 2 W15e, W15e Firmware | 2024-02-28 | N/A | 7.8 HIGH |
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. | |||||
CVE-2022-20910 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-02-28 | N/A | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. |