Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2022
CVE-2022-45663
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-02
CVE-2022-45664
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-02
CVE-2022-45667
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-12-02
CVE-2022-45668
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-12-02
CVE-2022-45669
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-02
CVE-2022-45670
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-02
CVE-2022-45671
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-02
CVE-2022-45672
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function.
CVSS Score
7.5
EPSS Score
0.023
Published
2022-12-02
CVE-2022-46145
authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`.
CVSS Score
8.1
EPSS Score
0.024
Published
2022-12-02
CVE-2022-45647
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved