Skip to main content
CVE-2022-32386 CRITICAL POC THREAT Emergency

Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Memory Corruption Buffer Overflow Tenda Ac23 Ac2100 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
11.2%
CVE-2022-32385 CRITICAL POC Act Now

Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Tenda Memory Corruption Ac23 Ac2100 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-31126 CRITICAL POC THREAT Act Now

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache Nginx Roxy Wi
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
49.9%
CVE-2022-31125 CRITICAL POC THREAT Act Now

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apache Nginx Roxy Wi
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
19.7%
CVE-2022-34598 CRITICAL POC Act Now

The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-34597 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ax1806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-34596 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-34595 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-32383 CRITICAL POC Act Now

Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the AdvSetMacMtuWan function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac23 Ac2100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-33047 CRITICAL Act Now

OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Otfcc
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21744 CRITICAL Act Now

In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Lr11 Lr12 +5
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-20083 CRITICAL Act Now

In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Lr11 Lr12 +5
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-33980 CRITICAL PATCH Act Now

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Commons Configuration Snapcenter Debian Linux
NVD
CVSS 3.1
9.8
EPSS
42.6%
CVE-2022-32533 CRITICAL Act Now

Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XSS CSRF Apache XXE +1
NVD
CVSS 3.1
9.8
EPSS
3.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy