Total: 3799 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2486 | 1 Wavlink | 4 Wl-wn535k2, Wl-wn535k2 Firmware, Wl-wn535k3 and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to OS command injection. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-30534 | 1 Wwbn | 1 Avideo | 2024-02-28 | N/A | 8.8 HIGH |
An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-42053 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2024-02-28 | N/A | 7.8 HIGH |
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | |||||
CVE-2021-44171 | 1 Fortinet | 1 Fortios | 2024-02-28 | N/A | 8.0 HIGH |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows an attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. | |||||
CVE-2022-37076 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-02-28 | N/A | 7.8 HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | |||||
CVE-2022-36487 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-02-28 | N/A | 7.8 HIGH |
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | |||||
CVE-2022-34596 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | |||||
CVE-2022-30079 | 1 Netgear | 1 R6200 | 2024-02-28 | N/A | 8.8 HIGH |
A command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter. | |||||
CVE-2022-33873 | 1 Fortinet | 1 Fortitester | 2024-02-28 | N/A | 9.8 CRITICAL |
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary commands in the underlying shell. | |||||
CVE-2022-20878 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-02-28 | N/A | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
CVE-2022-35132 | 1 Webmin | 1 Usermin | 2024-02-28 | N/A | 8.8 HIGH |
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. | |||||
CVE-2022-31232 | 1 Dell | 1 Smartfabric Storage Software | 2024-02-28 | N/A | 9.8 CRITICAL |
SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | |||||
CVE-2022-37081 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-02-28 | N/A | 7.8 HIGH |
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. | |||||
CVE-2022-2550 | 1 Hestiacp | 1 Control Panel | 2024-02-28 | N/A | 8.8 HIGH |
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. | |||||
CVE-2022-41395 | 1 Tenda | 2 W15e, W15e Firmware | 2024-02-28 | N/A | 7.8 HIGH |
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. | |||||
CVE-2022-20910 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-02-28 | N/A | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
CVE-2022-20855 | 1 Cisco | 30 Catalyst 9105, Catalyst 9105axi, Catalyst 9105axw and 27 more | 2024-02-28 | N/A | 6.7 MEDIUM |
A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller. | |||||
CVE-2022-21178 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
An OS command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2022-33923 | 1 Dell | 10 Emc Powerstore 1200t, Emc Powerstore 1200t Firmware, Emc Powerstore 3200t and 7 more | 2024-02-28 | N/A | 7.8 HIGH |
Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in the PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS. Exploitation may lead to a system takeover by an attacker. | |||||
CVE-2022-31137 | 1 Roxy-wi | 1 Roxy-wi | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability. |