Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-24 | CVE-2022-27081 | Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. | 9.8 |
| 2022-03-24 | CVE-2022-27082 | Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. | 9.8 |
| 2022-03-24 | CVE-2022-27083 | Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. | 9.8 |
| 2022-03-22 | CVE-2022-26186 | Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. | 7.5 |
| 2022-03-22 | CVE-2022-26187 | Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. | 7.5 |
| 2022-03-22 | CVE-2022-26188 | Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. | 7.5 |
| 2022-03-22 | CVE-2022-26189 | Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. | 7.5 |
| 2022-03-21 | CVE-2021-45876 | Command Injection vulnerability in Garo products Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. | 7.5 |
| 2022-03-15 | CVE-2022-26995 | Command Injection vulnerability in Commscope Arris Tr3300 Firmware 1.0.13 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. | 9.8 |
| 2022-03-15 | CVE-2022-26996 | Command Injection vulnerability in Commscope Arris Tr3300 Firmware 1.0.13 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. | 9.8 |