CVE-2022-36554
A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges.
Source: CVE-2022-36554
[월:] 2022년 08월
CVE-2022-36556
CVE-2022-36556
Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01.
Source: CVE-2022-36556
CVE-2022-37680
CVE-2022-37680
An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi.
Source: CVE-2022-37680
CVE-2022-37681
CVE-2022-37681
Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi.
Source: CVE-2022-37681
CVE-2022-38625
CVE-2022-38625
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code.
Source: CVE-2022-38625
CVE-2022-36559
CVE-2022-36559
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi.
Source: CVE-2022-36559
CVE-2022-36553
CVE-2022-36553
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.
Source: CVE-2022-36553
CVE-2022-36557
CVE-2022-36557
Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file.
Source: CVE-2022-36557
CVE-2022-36558
CVE-2022-36558
Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg.
Source: CVE-2022-36558
CVE-2022-36560
CVE-2022-36560
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh.
Source: CVE-2022-36560