Total
3031 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40100 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 9.8 Critical |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. | ||||
| CVE-2023-6572 | 1 Gradio Project | 1 Gradio | 2025-05-22 | 8.1 High |
| Command Injection in GitHub repository gradio-app/gradio prior to main. | ||||
| CVE-2025-44854 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44847 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44846 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44845 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44844 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44843 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44842 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44841 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44840 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44839 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44838 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44837 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44836 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2024-52022 | 1 Netgear | 9 R6400 Firmware, R6400v2, R6400v2 Firmware and 6 more | 2025-05-21 | 8 High |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2025-44848 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-21 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44860 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | 6.5 Medium |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44861 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | 6.3 Medium |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44862 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | 6.3 Medium |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||