Vulnerabilities (CVE)

Filtered by CWE-77
Total 3383 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24392 1 Fidelissecurity 2 Deception, Network 2026-06-17 9.0 HIGH 8.8 HIGH
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVE-2022-24390 1 Fidelissecurity 2 Deception, Network 2026-06-17 6.5 MEDIUM 8.8 HIGH
Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVE-2022-24389 1 Fidelissecurity 2 Deception, Network 2026-06-17 9.0 HIGH 8.8 HIGH
Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVE-2022-24388 1 Fidelissecurity 2 Deception, Network 2026-06-17 9.0 HIGH 8.8 HIGH
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVE-2022-24171 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.
CVE-2022-24170 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.
CVE-2022-24168 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters.
CVE-2022-24167 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter.
CVE-2022-24165 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter.
CVE-2022-24150 1 Tenda 2 Ax3, Ax3 Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter.
CVE-2022-24148 1 Tenda 2 Ax3, Ax3 Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.
CVE-2022-24144 1 Tenda 2 Ax3, Ax3 Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.
CVE-2022-22991 1 Westerndigital 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more 2026-06-17 8.3 HIGH 7.8 HIGH
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.
CVE-2022-22688 1 Synology 1 Diskstation Manager 2026-06-17 6.5 MEDIUM 8.8 HIGH
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-21941 1 Johnsoncontrols 2 Istar Ultra, Istar Ultra Firmware 2026-06-17 N/A 10.0 CRITICAL
All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.
CVE-2022-21810 1 Smartctl Project 1 Smartctl 2026-06-17 N/A 7.4 HIGH
All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.
CVE-2022-21191 1 Global-modules-path Project 1 Global-modules-path 2026-06-17 N/A 7.4 HIGH
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.
CVE-2022-21129 1 Paypal 1 Nemo-appium 2026-06-17 N/A 7.4 HIGH
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.
CVE-2022-20665 1 Cisco 4 Asr 5500, Asr 5700, Staros and 1 more 2026-06-17 7.2 HIGH 6.0 MEDIUM
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.
CVE-2022-20345 1 Google 1 Android 2026-06-17 N/A 8.8 HIGH
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-230494481