Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2022
CVE-2022-44932
An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-12-08
CVE-2022-45118
OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.
CVSS Score
6.2
EPSS Score
0.001
Published
2022-12-08
CVE-2022-45497
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
CVSS Score
9.8
EPSS Score
0.037
Published
2022-12-08
CVE-2022-45498
An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-08
CVE-2022-45499
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-12-08
CVE-2022-45501
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-12-08
CVE-2022-45503
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-12-08
CVE-2022-45504
An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVSS Score
7.5
EPSS Score
0.1
Published
2022-12-08
CVE-2022-45505
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-08
CVE-2022-45506
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
CVSS Score
9.8
EPSS Score
0.037
Published
2022-12-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved