| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37823 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer. | ||
| CVE-2022-37822 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic. | ||
| CVE-2022-37821 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince. | ||
| CVE-2022-37820 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS. | ||
| CVE-2022-37819 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime. | ||
| CVE-2022-37818 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. | ||
| CVE-2022-37817 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind. | ||
| CVE-2022-37084 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. | ||
| CVE-2022-37083 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg. | ||
| CVE-2022-37082 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. | ||
| CVE-2022-37081 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. | ||
| CVE-2022-37080 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg. | ||
| CVE-2022-37079 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | ||
| CVE-2022-37078 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. | ||
| CVE-2022-37077 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter. | ||
| CVE-2022-36455 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | ||
| CVE-2022-22728 | Hig | 0.49 | 7.5 | 0.05 | Aug 25, 2022 | A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | ||
| CVE-2022-37076 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | ||
| CVE-2022-37075 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. | ||
| CVE-2022-37074 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_debug_info_set. | |
| CVE-2022-36510 | — | Hig | 0.52 | 7.8 | 0.12 | Aug 25, 2022 | H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |
| CVE-2022-36509 | — | Hig | 0.52 | 7.8 | 0.12 | Aug 25, 2022 | H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |
| CVE-2022-36508 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPInfoById. | |
| CVE-2022-36507 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddWlanMacList. | |
| CVE-2022-36506 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMacAccessMode. | |
| CVE-2022-36505 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EDitusergroup. | |
| CVE-2022-36504 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID. | |
| CVE-2022-36503 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateMacClone. | |
| CVE-2022-36502 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateWanParams. | |
| CVE-2022-36501 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateSnat. | |
| CVE-2022-36500 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditWlanMacList. | |
| CVE-2022-36499 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function DEleteusergroup. | |
| CVE-2022-36498 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. | |
| CVE-2022-36497 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. | |
| CVE-2022-36496 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMobileAPInfoById. | |
| CVE-2022-36495 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function addactionlist. | |
| CVE-2022-36494 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function edditactionlist. | |
| CVE-2022-36493 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. | |
| CVE-2022-36492 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddMacList. | |
| CVE-2022-36491 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateIpv6Params. | |
| CVE-2022-36490 | — | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditMacList. | |
| CVE-2022-36489 | — | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EnableIpv6. | |
| CVE-2022-36488 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules. | ||
| CVE-2022-36487 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | ||
| CVE-2022-36486 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | ||
| CVE-2022-36485 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | ||
| CVE-2022-36484 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg. | ||
| CVE-2022-36483 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter. | ||
| CVE-2022-36482 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg. | ||
| CVE-2022-36481 | Hig | 0.51 | 7.8 | 0.01 | Aug 25, 2022 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg. |
- risk 0.51cvss 7.8epss 0.00
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer.
- risk 0.51cvss 7.8epss 0.00
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic.
- risk 0.51cvss 7.8epss 0.00
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince.
- risk 0.51cvss 7.8epss 0.00
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS.
- risk 0.51cvss 7.8epss 0.00
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime.
- risk 0.51cvss 7.8epss 0.00
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.
- risk 0.51cvss 7.8epss 0.00
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind.
- risk 0.51cvss 7.8epss 0.00
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg.
- risk 0.51cvss 7.8epss 0.00
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg.
- risk 0.51cvss 7.8epss 0.00
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter.
- risk 0.51cvss 7.8epss 0.01
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.
- risk 0.49cvss 7.5epss 0.05
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.
- risk 0.51cvss 7.8epss 0.00
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg.
- risk 0.51cvss 7.8epss 0.01
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_debug_info_set.
- risk 0.52cvss 7.8epss 0.12
H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.
- risk 0.52cvss 7.8epss 0.12
H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPInfoById.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddWlanMacList.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMacAccessMode.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EDitusergroup.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateMacClone.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateWanParams.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateSnat.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditWlanMacList.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function DEleteusergroup.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMobileAPInfoById.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function addactionlist.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function edditactionlist.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddMacList.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateIpv6Params.
- risk 0.51cvss 7.8epss 0.01
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditMacList.
- risk 0.51cvss 7.8epss 0.00
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EnableIpv6.
- risk 0.51cvss 7.8epss 0.00
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.
- risk 0.51cvss 7.8epss 0.00
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg.
- risk 0.51cvss 7.8epss 0.00
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg.
- risk 0.51cvss 7.8epss 0.01
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg.