Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-03-24 CVE-2022-27079 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27080 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27081 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27082 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27083 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-22 CVE-2022-26186 Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2022-03-22 CVE-2022-26187 Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2022-03-22 CVE-2022-26188 Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2022-03-22 CVE-2022-26189 Command Injection vulnerability in Totolink N600R Firmware 4.3.0Cu.7570B20200620
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2022-03-21 CVE-2021-45876 Command Injection vulnerability in Garo products
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection.
network
low complexity
garo CWE-77
critical
 9.8
9.8