Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27001 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-08-03 | 9.8 Critical |
| Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-27081 | 1 Tenda | 2 M3, M3 Firmware | 2024-08-03 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. | ||||
| CVE-2022-26997 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-08-03 | 9.8 Critical |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-27000 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-08-03 | 9.8 Critical |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26995 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-08-03 | 9.8 Critical |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26945 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-08-03 | 9.8 Critical |
| go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-26536 | 1 Tenda | 2 M3, M3 Firmware | 2024-08-03 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. | ||||
| CVE-2022-26189 | 1 Totolink | 2 N600r, N600r Firmware | 2024-08-03 | 9.8 Critical |
| TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. | ||||
| CVE-2022-26186 | 1 Totolink | 2 N600r, N600r Firmware | 2024-08-03 | 9.8 Critical |
| TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. | ||||
| CVE-2022-26151 | 1 Citrix | 1 Xenmobile Server | 2024-08-03 | 7.2 High |
| Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. | ||||
| CVE-2022-26188 | 1 Totolink | 2 N600r, N600r Firmware | 2024-08-03 | 9.8 Critical |
| TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. | ||||
| CVE-2022-26187 | 1 Totolink | 2 N600r, N600r Firmware | 2024-08-03 | 9.8 Critical |
| TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. | ||||
| CVE-2022-25834 | 1 Percona | 1 Xtrabackup | 2024-08-03 | 7.8 High |
| In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. | ||||
| CVE-2022-25619 | 1 Profelis | 1 Sambabox | 2024-08-03 | 3.8 Low |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. | ||||
| CVE-2022-25132 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-08-03 | 9.8 Critical |
| A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2022-25135 | 1 Totolink | 2 T6, T6 Firmware | 2024-08-03 | 9.8 Critical |
| A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2022-25133 | 1 Totolink | 2 T6, T6 Firmware | 2024-08-03 | 9.8 Critical |
| A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2022-25136 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-08-03 | 9.8 Critical |
| A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2022-25134 | 1 Totolink | 2 T6, T6 Firmware | 2024-08-03 | 9.8 Critical |
| A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||
| CVE-2022-25130 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-08-03 | 9.8 Critical |
| A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | ||||