Security Vulnerabilities - CVEs Published In March 2022
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.
CVSS Score
9.8
EPSS Score
0.161
Published
2022-03-24
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.
CVSS Score
9.8
EPSS Score
0.161
Published
2022-03-24
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.
CVSS Score
9.8
EPSS Score
0.145
Published
2022-03-24
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.
CVSS Score
9.8
EPSS Score
0.145
Published
2022-03-24
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.
CVSS Score
9.8
EPSS Score
0.161
Published
2022-03-24
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.
CVSS Score
9.8
EPSS Score
0.145
Published
2022-03-24
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).
CVSS Score
4.3
EPSS Score
0.001
Published
2022-03-23
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).
CVSS Score
8.8
EPSS Score
0.008
Published
2022-03-23
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-03-23
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-03-23