Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2022
CVE-2022-2070
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.
CVSS Score
9.8
EPSS Score
0.04
Published
2022-09-23
CVE-2022-2970
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
CVSS Score
10.0
EPSS Score
0.003
Published
2022-09-23
CVE-2022-2971
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.
CVSS Score
8.6
EPSS Score
0.001
Published
2022-09-23
CVE-2022-2972
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.
CVSS Score
10.0
EPSS Score
0.003
Published
2022-09-23
CVE-2022-40195
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PCA Predict plugin <= 1.0.3 at WordPress.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-09-23
CVE-2022-40310
Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-09-23
CVE-2022-40671
Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-09-23
CVE-2022-40672
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-09-23
CVE-2022-40851
Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.
CVSS Score
9.8
EPSS Score
0.099
Published
2022-09-23
CVE-2022-40854
Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved