208 matches found
Privilege Escalation
github.com/bottlerocket-os/hotdog is vulnerable to privilege escalation. The vulnerability exists in the main function in main.go due to an incomplete fix for CVE-2021-3101, because the target JVM processor doesn't limit the resources and filters, which allows an attacker to gain access to the host and...
Authentication Bypass
github.com/bottlerocket-os/hotdog is vulnerable to authentication bypass. The vulnerability exists in the main function in main.go because the container doesn't match the SELinux label of the target JVM process, which allows an attacker to gain access to the host and perform unauthorized actions...
A vulnerability in the implementation of the genacgi_main() function in D-Link DIR-859 router firmware allows an attacker to cause a denial of service.
The vulnerability in the implementation of the genacgi_main() function in D-Link DIR-859 router firmware is related to operations that go beyond the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to cause a denial of service by executing the /gena.cgi...
VulnCheck KEV: CVE-2022-25078
TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25084
TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25079
TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25081
TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25080
TOTOLink A830R V5.9c.4729B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25082
TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25083
TOTOLink A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25076
TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25075
TOTOLink A3000RU V5.9c.2280B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
TOTOLink A3100R Command Injection Vulnerability (CNVD-2022-17024)
Totolink A3100R is a series of wireless routers from Totolink China. A command injection vulnerability exists in Totolink A3100R V4.1.2cu.5050B20200504, which stems from the failure to properly filter special characters, commands, etc. in the QUERYSTRING parameter in the Main function. An attacker...
CVE-2022-25084
TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25077
TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25075
TOTOLink A3000RU V5.9c.2280B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25079
TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25080
TOTOLink A830R V5.9c.4729B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25083
TOTOLink A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...