EPhaha/IOT_vuln

GitHub

github.com

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

Stars68

IOT vuln

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-46634 ↗	Dec 15, 2022Thursday, 15 December 2022, 22:15	9.8 CRITICAL	—
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.
CVE-2022-46631 ↗	Dec 15, 2022Thursday, 15 December 2022, 22:15	9.8 CRITICAL	—
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
CVE-2022-44843 ↗	Nov 25, 2022Friday, 25 November 2022, 20:15	9.8 CRITICAL	—
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.
CVE-2022-44844 ↗	Nov 25, 2022Friday, 25 November 2022, 20:15	9.8 CRITICAL	—
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.
CVE-2022-30923 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm.
CVE-2022-30926 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm.
CVE-2022-30925 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm.
CVE-2022-30924 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.
CVE-2022-30914 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm.
CVE-2022-30922 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm.
CVE-2022-30921 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm.
CVE-2022-30920 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm.
CVE-2022-30919 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm.
CVE-2022-30918 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm.
CVE-2022-30917 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm.
CVE-2022-30916 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm.
CVE-2022-30915 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm.
CVE-2022-30910 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm.
CVE-2022-30909 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm.
CVE-2022-30912 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm.
CVE-2022-30913 ↗	Jun 8, 2022Wednesday, 8 June 2022, 14:15	9.8 CRITICAL	10 HIGH
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm.
CVE-2022-29321 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.
CVE-2022-28913 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.
CVE-2022-29328 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade.
CVE-2022-29327 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.
CVE-2022-29326 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.
CVE-2022-29325 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.
CVE-2022-29324 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.
CVE-2022-29323 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.
CVE-2022-29322 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.
CVE-2022-28910 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.
CVE-2022-28915 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.
CVE-2022-29329 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings.
CVE-2022-28912 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.
CVE-2022-28911 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.
CVE-2022-28895 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28909 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.
CVE-2022-28908 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.
CVE-2022-28907 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.
CVE-2022-28906 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.
CVE-2022-28905 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.
CVE-2022-28901 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28896 ↗	May 10, 2022Tuesday, 10 May 2022, 14:15	9.8 CRITICAL	10 HIGH
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28577 ↗	May 5, 2022Thursday, 5 May 2022, 18:15	9.8 CRITICAL	10 HIGH
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28583 ↗	May 5, 2022Thursday, 5 May 2022, 18:15	9.8 CRITICAL	10 HIGH
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28575 ↗	May 5, 2022Thursday, 5 May 2022, 18:15	9.8 CRITICAL	10 HIGH
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload
CVE-2022-28584 ↗	May 5, 2022Thursday, 5 May 2022, 18:15	9.8 CRITICAL	10 HIGH
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28578 ↗	May 5, 2022Thursday, 5 May 2022, 18:15	9.8 CRITICAL	10 HIGH
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28579 ↗	May 5, 2022Thursday, 5 May 2022, 18:15	9.8 CRITICAL	10 HIGH
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28580 ↗	May 5, 2022Thursday, 5 May 2022, 18:15	9.8 CRITICAL	10 HIGH
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28581 ↗	May 5, 2022Thursday, 5 May 2022, 18:15	9.8 CRITICAL	10 HIGH
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28582 ↗	May 5, 2022Thursday, 5 May 2022, 18:15	9.8 CRITICAL	10 HIGH
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-27022 ↗	Apr 7, 2022Thursday, 7 April 2022, 16:15	9.8 CRITICAL	10 HIGH
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
CVE-2022-27016 ↗	Apr 7, 2022Thursday, 7 April 2022, 15:15	9.8 CRITICAL	10 HIGH
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
CVE-2022-25446 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function.
CVE-2022-25435 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.
CVE-2022-25460 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function.
CVE-2022-25459 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function.
CVE-2022-25458 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function.
CVE-2022-25457 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.
CVE-2022-25456 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function.
CVE-2022-25455 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.
CVE-2022-25454 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function.
CVE-2022-25453 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function.
CVE-2022-25452 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function.
CVE-2022-25451 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function.
CVE-2022-25450 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.
CVE-2022-25449 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.
CVE-2022-25448 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function.
CVE-2022-25447 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
CVE-2022-25461 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function.
CVE-2022-25445 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
CVE-2022-25441 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.
CVE-2022-25440 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.
CVE-2022-25439 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.
CVE-2022-25438 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.
CVE-2022-25437 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.
CVE-2022-25431 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function.
CVE-2022-25434 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.
CVE-2022-25433 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function.
CVE-2022-25429 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
CVE-2022-25428 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.
CVE-2022-25427 ↗	Mar 18, 2022Friday, 18 March 2022, 21:15	9.8 CRITICAL	10 HIGH
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
CVE-2022-25414 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	10 HIGH
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
CVE-2022-25418 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	10 HIGH
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
CVE-2022-25417 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	10 HIGH
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
CVE-2022-25083 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	7.5 HIGH
TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25084 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	7.5 HIGH
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25072 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	10 HIGH
TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
CVE-2022-25082 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	7.5 HIGH
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25081 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	7.5 HIGH
TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25080 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	7.5 HIGH
TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25079 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	7.5 HIGH
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25078 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	7.5 HIGH
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25077 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	7.5 HIGH
TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25076 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	7.5 HIGH
TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25075 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	7.5 HIGH
TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25074 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	10 HIGH
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
CVE-2022-25073 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	9.8 CRITICAL	10 HIGH
TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.