Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27008 1 F5 1 Njs 2024-11-21 7.5 High
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.
CVE-2022-27007 1 F5 1 Njs 2024-11-21 9.8 Critical
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().
CVE-2022-27005 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 8.8 High
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27004 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 8.8 High
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27003 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 8.8 High
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27002 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns、ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27001 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27000 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26999 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26998 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26997 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26996 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26995 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26994 1 Arris 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more 2024-11-21 9.8 Critical
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26993 1 Arris 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more 2024-11-21 9.8 Critical
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26992 1 Arris 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more 2024-11-21 9.8 Critical
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26991 1 Arris 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more 2024-11-21 9.8 Critical
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26990 1 Arris 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more 2024-11-21 9.8 Critical
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26988 3 Fastcom, Mercusys, Tp-link 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more 2024-11-21 7.8 High
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.
CVE-2022-26987 3 Fastcom, Mercusys, Tp-link 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more 2024-11-21 7.8 High
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.