744 matches found

OSV
added 2023/02/07 2:15 a.m. · 3 views

CVE-2022-38547

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which...

7.2 CVSS · 5.9 AI score
Exploits: 0 · References: 1

CNNVD
added 2023/02/07 12:0 a.m. · 3 views

ZyXEL ZyWALL USG Operating System Command Injection Vulnerability

Zyxel ZyXEL ZyWALL USG is a network security firewall appliance from China Hopkins Zyxel. A security vulnerability exists in Zyxel ZyWALL/USG versions 4.20 to 4.72, VPN versions 4.30 to 5.32, USG FLEX versions 4.50 to 5.32, and ATP versions 4.32 to 5.32. The vulnerability stems from a...

7.2 CVSS · 7.3 AI score · 0.02806 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/01/10 12:0 a.m. · 2 views

PT-2023-2588 · Zyxel · Zyxel Nbg6604

Name of the Vulnerable Software and Affected Versions: Zyxel NBG6604 version V1.01ABIR.0C0 Description: The issue is related to a post-authentication command injection vulnerability. This could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...

9 CVSS · 9 AI score · 0.01647 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2023/01/10 12:0 a.m. · 3 views

PT-2023-7463 · Zyxel · Zyxel Usg Flex 50 +7

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 4.32 through 5.35 Zyxel USG FLEX series versions 4.50 through 5.35 Zyxel USG FLEX 50W versions 4.16 through 5.35 Zyxel USG20W-VPN versions 4.16 through 5.35 Zyxel VPN series versions 4.30 through 5.35 Zyxel NWA110AX...

6.8 CVSS · 6.1 AI score · 0.00771 EPSS
Exploits: 0 · References: 5

OSV
added 2022/12/01 6:15 p.m. · 2 views

CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...

2.7 CVSS · 5.8 AI score · 0.00698 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/12/01 12:0 a.m. · 4 views

PT-2022-6069 · Sophos · Sophos Firewall

Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 19.5 GA Description: A post-auth read-only SQL injection issue allows API clients to read non-sensitive configuration database contents in the API controller. This can enable a remote attacker to gain...

4 CVSS · 8.3 AI score · 0.00698 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2022/12/01 12:0 a.m. · 5 views

PT-2022-6071 · Sophos · Sophos Firewall

Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 19.5 GA Description: The issue is related to a post-auth read-only SQL injection vulnerability in the User Portal component of Sophos Firewall. This vulnerability can be exploited by a remote attacker to gain...

4.3 CVSS · 8.3 AI score · 0.00698 EPSS
Exploits: 0 · References: 8

CNVD
added 2022/11/25 12:0 a.m. · 4 views

TOTOLINK LR350 Buffer Overflow Vulnerability (CNVD-2025-17700)

TOTOLINK LR350 is a 4G LTE router from China's TOTOLINK, which supports converting 4G signals to wired signals for home and office scenarios. A buffer overflow vulnerability exists in the TOTOLINK LR350. The vulnerability originates from a buffer overflow after authentication via the command...

8.8 CVSS · 8.7 AI score · 0.02334 EPSS
Exploits: 1 · References: 1

OSV
added 2022/11/23 4:15 p.m. · 4 views

CVE-2022-44260

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function...

8.8 CVSS · 6 AI score · 0.0211 EPSS
Exploits: 1 · References: 1

NVD
added 2022/11/23 4:15 p.m. · 18 views

CVE-2022-44260

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function...

8.8 CVSS · 0.0211 EPSS
Exploits: 1 · References: 1

OSV
added 2022/11/23 4:15 p.m. · 2 views

CVE-2022-44254

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function...

8.8 CVSS · 6 AI score · 0.0211 EPSS
Exploits: 1 · References: 1

OSV
added 2022/11/23 4:15 p.m. · 2 views

CVE-2022-44257

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function...

8.8 CVSS · 6 AI score · 0.0211 EPSS
Exploits: 1 · References: 1

OSV
added 2022/11/23 4:15 p.m. · 2 views

CVE-2022-44256

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function...

8.8 CVSS · 6 AI score · 0.0211 EPSS
Exploits: 1 · References: 1

OSV
added 2022/11/23 4:15 p.m. · 1 views

CVE-2022-44253

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function...

8.8 CVSS · 6 AI score · 0.0211 EPSS
Exploits: 1 · References: 1

OSV
added 2022/11/23 4:15 p.m. · 3 views

CVE-2022-44259

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function...

8.8 CVSS · 6 AI score · 0.0211 EPSS
Exploits: 1 · References: 1

OSV
added 2022/11/23 4:15 p.m. · 3 views

CVE-2022-44258

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function...

8.8 CVSS · 6 AI score · 0.02334 EPSS
Exploits: 1 · References: 1

NVD
added 2022/11/23 4:15 p.m. · 15 views

CVE-2022-44258

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function...

8.8 CVSS · 0.02334 EPSS
Exploits: 1 · References: 1

NVD
added 2022/11/23 4:15 p.m. · 16 views

CVE-2022-44256

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function...

8.8 CVSS · 0.0211 EPSS
Exploits: 1 · References: 1

NVD
added 2022/11/23 4:15 p.m. · 12 views

CVE-2022-44257

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function...

8.8 CVSS · 0.0211 EPSS
Exploits: 1 · References: 1

NVD
added 2022/11/23 4:15 p.m. · 13 views

CVE-2022-44254

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function...

8.8 CVSS · 0.0211 EPSS
Exploits: 1 · References: 1