Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2022
CVE-2022-40855
Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
CVSS Score
9.8
EPSS Score
0.35
Published
2022-09-23
CVE-2022-40861
Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/
CVSS Score
7.2
EPSS Score
0.002
Published
2022-09-23
CVE-2022-40866
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-23
CVE-2022-40867
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-23
CVE-2022-40868
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-23
CVE-2022-35238
Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-23
CVE-2022-36388
Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-09-23
CVE-2022-36791
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-09-23
CVE-2022-37328
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress.
CVSS Score
3.4
EPSS Score
0.001
Published
2022-09-23
CVE-2022-37342
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-09-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved