Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2022
CVE-2022-25406
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-24
CVE-2022-25414
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
CVSS Score
9.8
EPSS Score
0.024
Published
2022-02-24
CVE-2022-25417
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-02-24
CVE-2022-25418
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-02-24
CVE-2022-25636
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-02-24
CVE-2022-25072
TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.033
Published
2022-02-24
CVE-2022-25073
TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.033
Published
2022-02-24
CVE-2022-25074
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.033
Published
2022-02-24
CVE-2022-25075
TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.431
Published
2022-02-24
CVE-2022-25076
TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.061
Published
2022-02-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved