
1222 matches found

Cvelist
added 2023/01/09 12:0 a.m. · 28 views

CVE-2022-43971 Arbitrary code execution in Linksys WUMC710

An arbitrary code execution vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware = 1.0.02 build3. The dosetNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator...

CVSS 7.2 · AI score 7.4 · EPSS 0.01682
Exploits: 1 · References: 3

Vulnrichment
added 2023/01/09 12:0 a.m. · 8 views

CVE-2022-43973 Arbitrary code execution in Linksys WRT54GL

An arbitrary code execution vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. The CheckTSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges...

CVSS 7.2 · AI score 7.3 · EPSS 0.01855
Exploits: 1 · References: 3

NVD
added 2023/01/03 3:15 a.m. · 17 views

CVE-2022-39039

aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTPs request to launch Server-Side Request Forgery SSRF attack, to perform arbitrary system command or disrupt service...

CVSS 9.8 · AI score 9.8 · EPSS 0.01022
Exploits: 0 · References: 1

NVD
added 2023/01/03 3:15 a.m. · 23 views

CVE-2022-39042

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...

CVSS 9.8 · AI score 10 · EPSS 0.01454
Exploits: 0 · References: 1

NVD
added 2023/01/03 3:15 a.m. · 21 views

CVE-2022-40740

Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service...

CVSS 7.2 · AI score 7.4 · EPSS 0.01465
Exploits: 0 · References: 1

Prion
added 2023/01/03 3:15 a.m. · 12 views

Command injection

Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service...

CVSS 5.8 · AI score 7.5 · EPSS 0.01465
Exploits: 0 · References: 1 · Affected Software: 2

Prion
added 2023/01/03 3:15 a.m. · 20 views

Command injection

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

CVSS 6.8 · AI score 9.2 · EPSS 0.01507
Exploits: 0 · References: 1

Prion
added 2023/01/03 3:15 a.m. · 14 views

Authentication flaw

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...

CVSS 7.5 · AI score 9.8 · EPSS 0.01454
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/01/03 12:0 a.m. · 22 views

CVE-2022-39039 aEnrich a+HRD - Server-Side Request Forgery (SSRF)

aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTPs request to launch Server-Side Request Forgery SSRF attack, to perform arbitrary system command or disrupt service...

CVSS 9.8 · AI score 9.9 · EPSS 0.01022
Exploits: 0 · References: 1

Cvelist
added 2023/01/03 12:0 a.m. · 30 views

CVE-2022-40740 Realtek GPON router - Command Injection

Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service...

CVSS 7.2 · AI score 7.6 · EPSS 0.01465
Exploits: 0 · References: 1

Vulnrichment
added 2023/01/03 12:0 a.m. · 6 views

CVE-2022-40740 Realtek GPON router - Command Injection

Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service...

CVSS 7.2 · AI score 7.5 · EPSS 0.01465
Exploits: 0 · References: 1

Cvelist
added 2023/01/03 12:0 a.m. · 26 views

CVE-2022-46304 ChangingTec ServiSign - Command Injection

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

CVSS 8.8 · AI score 9.4 · EPSS 0.01507
Exploits: 0 · References: 1

Cvelist
added 2023/01/03 12:0 a.m. · 26 views

CVE-2022-39042 aEnrich a+HRD - Improper Authentication

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...

CVSS 9.8 · AI score 10 · EPSS 0.01454
Exploits: 0 · References: 1

CVE
added 2023/01/03 12:0 a.m. · 52 views

CVE-2022-39039

The CVE-2022-39039 issue affects aEnrich’s a+HRD. It is caused by inadequate filtering of a specific URL parameter, allowing an unauthenticated remote attacker to perform a Server-Side Request Forgery (SSRF) by sending arbitrary HTTP(S) requests. The vulnerability can lead to the execution of ar...

CVSS 9.8 · AI score 9.8 · EPSS 0.01022
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/01/03 12:0 a.m. · 52 views

CVE-2022-39042

CVE-2022-39042 concerns aEnrich a+HRD, where the login function has improper validation. An unauthenticated, remote attacker can bypass authentication and access API functionality to execute arbitrary system commands or disrupt services. Documented impact includes full authentication bypass and p...

CVSS 9.8 · AI score 10 · EPSS 0.01454
Exploits: 0 · References: 1 · Affected Software: 1

Japan Vulnerability Notes
added 2022/12/02 5:57 a.m. · 4 views

Multiple vulnerabilities in UNIMO Technology digital video recorders

Overview: Multiple digital video recorders provided by UNIMO Technology Co., Ltd contain multiple vulnerabilities listed below. Improper Authentication (CWE-287) - CVE-2022-44620; OS Command Injection (CWE-78) - CVE-2022-44606; Hidden Functionality (CWE-912) - CVE-2022-43464. The reporter states that attac...

CVSS 8.8 · AI score 7.8 · EPSS 0.0147
Exploits: 0 · References: 11

Positive Technologies
added 2022/11/30 12:0 a.m. · 3 views

PT-2022-11594 · Sapido · Sapido Rb1732 +3

Name of the Vulnerable Software and Affected Versions: Sapido BR270n (affected versions not specified); Sapido BRC76n (affected versions not specified); Sapido GR297 (affected versions not specified); Sapido RB1732 (affected versions not specified). Description: A critical issue affects some unknown...

CVSS 8.8 · AI score 8.9 · EPSS 0.03024
Exploits: 1 · References: 5

BDU FSTEC
added 2022/11/30 12:0 a.m. · 5 views

The vulnerability in the web interface for controlling Hirschmann BAT-C2 wireless client software allows a hacker to execute arbitrary code.

The vulnerability of the web interface for managing WLAN client micro-programming software Hirschmann BAT-C2 exists due to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 9.9 · AI score 8.2 · EPSS 0.37064
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2022/11/16 10:15 p.m. · 10 views

CVE-2022-43999

An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server...

CVSS 9.8 · EPSS 0.00949
Exploits: 1 · References: 2

CVE
added 2022/11/16 12:0 a.m. · 54 views

CVE-2022-43999

CVE-2022-43999 affects BACKCLICK Professional 5.9.63. The issue arises from exposed CORBA management services, allowing arbitrary system commands to be executed on the server. Public documents assign a CRITICAL impact (CVSS v3.1: 9.8, network attack vector, no privileges or user interaction requi...

CVSS 9.8 · AI score 9.4 · EPSS 0.00949
Exploits: 1 · References: 2 · Affected Software: 1