Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2022
CVE-2022-43365
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-10-27
CVE-2022-43366
IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-27
CVE-2022-43367
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function.
CVSS Score
9.8
EPSS Score
0.011
Published
2022-10-27
CVE-2022-40875
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-10-27
CVE-2022-42054
Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-27
CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
CVSS Score
6.5
EPSS Score
0.01
Published
2022-10-27
CVE-2022-43364
An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-10-27
CVE-2022-31898
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.
CVSS Score
6.8
EPSS Score
0.416
Published
2022-10-27
CVE-2022-40874
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-10-27
CVE-2022-3725
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file
CVSS Score
6.3
EPSS Score
0.001
Published
2022-10-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved