Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2022
CVE-2022-1629
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
CVSS Score
6.6
EPSS Score
0.006
Published
2022-05-10
CVE-2022-28895
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVSS Score
9.8
EPSS Score
0.334
Published
2022-05-10
CVE-2022-28896
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVSS Score
9.8
EPSS Score
0.334
Published
2022-05-10
CVE-2022-28901
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVSS Score
9.8
EPSS Score
0.334
Published
2022-05-10
CVE-2022-28905
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.
CVSS Score
9.8
EPSS Score
0.113
Published
2022-05-10
CVE-2022-28906
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.
CVSS Score
9.8
EPSS Score
0.201
Published
2022-05-10
CVE-2022-28907
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.
CVSS Score
9.8
EPSS Score
0.113
Published
2022-05-10
CVE-2022-28908
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.
CVSS Score
9.8
EPSS Score
0.113
Published
2022-05-10
CVE-2022-28909
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.
CVSS Score
9.8
EPSS Score
0.1
Published
2022-05-10
CVE-2021-42645
CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.
CVSS Score
10.0
EPSS Score
0.069
Published
2022-05-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved