Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2022
CVE-2022-45996
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.
CVSS Score
7.2
EPSS Score
0.008
Published
2022-12-12
CVE-2022-45997
Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-12-12
CVE-2022-45043
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
CVSS Score
8.8
EPSS Score
0.018
Published
2022-12-12
CVE-2022-45956
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-12-12
CVE-2022-45957
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.
CVSS Score
7.5
EPSS Score
0.062
Published
2022-12-12
CVE-2022-45977
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.
CVSS Score
8.8
EPSS Score
0.02
Published
2022-12-12
CVE-2022-45979
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .
CVSS Score
7.5
EPSS Score
0.001
Published
2022-12-12
CVE-2022-45980
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .
CVSS Score
8.8
EPSS Score
0.069
Published
2022-12-12
CVE-2021-4244
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 6.8.6 is able to address this issue. The name of the patch is 3662c6593aa1bb4286781214891d26de2e947695. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215307.
CVSS Score
2.6
EPSS Score
0.001
Published
2022-12-12
CVE-2022-45968
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).
CVSS Score
8.8
EPSS Score
0.001
Published
2022-12-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved