Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2022
CVE-2022-37007
The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-08-10
CVE-2022-37008
The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-08-10
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
CVSS Score
7.5
EPSS Score
0.325
Published
2022-08-10
CVE-2022-37001
The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-08-10
CVE-2022-37002
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-10
CVE-2022-36750
Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-08-10
CVE-2022-36270
Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-08-10
CVE-2022-35534
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.
CVSS Score
9.8
EPSS Score
0.05
Published
2022-08-10
CVE-2022-35535
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.
CVSS Score
9.8
EPSS Score
0.05
Published
2022-08-10
CVE-2022-35536
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.
CVSS Score
9.8
EPSS Score
0.019
Published
2022-08-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved