Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2022
CVE-2021-42890
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.
CVSS Score
9.8
EPSS Score
0.033
Published
2022-06-03
CVE-2021-42888
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.
CVSS Score
9.8
EPSS Score
0.033
Published
2022-06-03
CVE-2021-42886
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.
CVSS Score
7.5
EPSS Score
0.01
Published
2022-06-03
CVE-2021-42887
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
CVSS Score
9.8
EPSS Score
0.613
Published
2022-06-03
CVE-2021-42884
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.
CVSS Score
9.8
EPSS Score
0.218
Published
2022-06-03
CVE-2021-42885
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.
CVSS Score
9.8
EPSS Score
0.095
Published
2022-06-03
CVE-2022-1987
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.
CVSS Score
2.5
EPSS Score
0.002
Published
2022-06-03
CVE-2022-1988
Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-06-03
CVE-2022-32268
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges.
CVSS Score
8.8
EPSS Score
0.045
Published
2022-06-03
CVE-2022-32269
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.012
Published
2022-06-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved