Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-18 CVE-2022-29639 Command Injection vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config.
network
totolink CWE-77
critical
9.3
2022-05-18 CVE-2022-29644 Use of Hard-coded Credentials vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.
network
low complexity
totolink CWE-798
critical
10.0
2022-05-18 CVE-2022-29645 Use of Hard-coded Credentials vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample.
network
low complexity
totolink CWE-798
critical
10.0
2022-05-17 CVE-2022-24388 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components.
network
low complexity
fidelissecurity CWE-77
critical
9.0
2022-05-17 CVE-2022-24389 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components.
network
low complexity
fidelissecurity CWE-77
critical
9.0
2022-05-17 CVE-2022-24392 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter.
network
low complexity
fidelissecurity CWE-77
critical
9.0
2022-05-17 CVE-2022-24393 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter.
network
low complexity
fidelissecurity CWE-77
critical
9.0
2022-05-17 CVE-2022-24394 Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter.
network
low complexity
fidelissecurity CWE-77
critical
9.0
2022-05-17 CVE-2022-23672 Command Injection vulnerability in Arubanetworks Clearpass Policy Manager
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below.
network
low complexity
arubanetworks CWE-77
critical
9.0
2022-05-17 CVE-2022-23673 Command Injection vulnerability in Arubanetworks Clearpass Policy Manager
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below.
network
low complexity
arubanetworks CWE-77
critical
9.0