Total
5133 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36749 | 1 Sourcefabric | 1 Rpi-jukebox-rfid | 2024-11-21 | 9.8 Critical |
| RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file. | ||||
| CVE-2022-36633 | 1 Goteleport | 1 Teleport | 2024-11-21 | 8.8 High |
| Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload. | ||||
| CVE-2022-36566 | 1 Yogeshojha | 1 Rengine | 2024-11-21 | 9.8 Critical |
| Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. | ||||
| CVE-2022-36487 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | ||||
| CVE-2022-36486 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | ||||
| CVE-2022-36485 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | ||||
| CVE-2022-36481 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg. | ||||
| CVE-2022-36479 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | ||||
| CVE-2022-36461 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | ||||
| CVE-2022-36460 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | ||||
| CVE-2022-36459 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | ||||
| CVE-2022-36458 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | ||||
| CVE-2022-36456 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.8 High |
| TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | ||||
| CVE-2022-36455 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 7.8 High |
| TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | ||||
| CVE-2022-36381 | 1 Nintendo | 2 Wi-fi Network Adaptor Wap 001, Wi-fi Network Adaptor Wap 001 Firmware | 2024-11-21 | 7.2 High |
| OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2022-36309 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | 8.8 High |
| Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | ||||
| CVE-2022-36273 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. | ||||
| CVE-2022-35845 | 1 Fortinet | 1 Fortitester | 2024-11-21 | 7.6 High |
| Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell. | ||||
| CVE-2022-35844 | 1 Fortinet | 1 Fortitester | 2024-11-21 | 6.7 Medium |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. | ||||
| CVE-2022-35555 | 1 Tenda | 2 W6, W6 Firmware | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. | ||||