Filtered by CWE-78
Total 4781 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-26532 1 Zyxel 130 Atp100, Atp100 Firmware, Atp100w and 127 more 2024-11-21 7.8 High
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
CVE-2022-26482 1 Poly 2 Eagleeye Director Ii, Eagleeye Director Ii Firmware 2024-11-21 7.2 High
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.
CVE-2022-26481 1 Poly 8 G7500, G7500 Firmware, Studio X30 and 5 more 2024-11-21 8.8 High
An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action.
CVE-2022-26413 1 Zyxel 64 Ax7501-b0, Ax7501-b0 Firmware, Dx5401-b0 and 61 more 2024-11-21 8 High
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
CVE-2022-26290 1 Tenda 2 M3, M3 Firmware 2024-11-21 9.8 Critical
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac.
CVE-2022-26289 1 Tenda 2 M3, M3 Firmware 2024-11-21 9.8 Critical
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.
CVE-2022-26265 1 Contao 1 Contao 2024-11-21 9.8 Critical
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.
CVE-2022-26214 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.
CVE-2022-26213 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 9.8 Critical
Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26212 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26211 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26210 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26209 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26208 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26207 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26206 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26147 1 Quectel 2 Rg502q-ea, Rg502q-ea Firmware 2024-11-21 9.8 Critical
The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection.
CVE-2022-25621 1 Nec 20 Univerge Wa1020, Univerge Wa1020 Firmware, Univerge Wa1510 and 17 more 2024-11-21 9.8 Critical
UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands.
CVE-2022-25597 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-11-21 8.8 High
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.
CVE-2022-25441 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 9.8 Critical
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.