September 22, 2023

There are more devices connected to the internet than ever before. This is music to an attacker’s ears, as they make good use of machines like printers and cameras which were never designed to ward off sophisticated invasions. It’s led companies and individuals alike to rethink how safe their networks are.

As the number of these incidents rises, so does the need to classify the dangers they pose to businesses and consumers alike. Three of the most common terms used when discussing cyber risks are vulnerabilities, exploits, and threats. Here’s a breakdown of the most exploited vulnerabilities of 2022. Although only vulnerabilities from 2022 are listed, the most popular exploits of 2021 are also still exploited, and in 2023 it is usual that well-known exploits remain within the sights of threat actors.

Adobe

| CVE ID | CVSS Score | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-24086 | 10 | Critical | Adobe | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution. |

Apache

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-24706 | 10 | Critical | Apache | Apache CouchDB Insecure Default Initialization of Resource Vulnerability | Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges. |
| CVE-2022-24112 | 7.5 | High | Apache | Apache APISIX Authentication Bypass Vulnerability | Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution. |

Apple

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-22587 | 10 | Critical | Apple | Apple Memory Corruption Vulnerability | Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. |
| CVE-2022-22675 | 9.3 | Critical | Apple | Apple macOS Out-of-Bounds Write Vulnerability | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. |
| CVE-2022-22674 | 9.3 | Critical | Apple | Apple macOS Out-of-Bounds Read Vulnerability | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. |
| CVE-2022-32917 | 9.3 | Critical | Apple | Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability | Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. |
| CVE-2022-22620 | 8.8 | High | Apple | Apple Webkit Remote Code Execution Vulnerability | Apple Webkit, which impacts iOS, iPadOS, and macOS, contains a vulnerability which allows for remote code execution. |
| CVE-2022-32893 | 8.8 | High | Apple | Apple iOS and macOS Out-of-Bounds Write Vulnerability | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing maliciously crafted web content. |
| CVE-2022-32894 | 7.8 | High | Apple | Apple iOS and macOS Out-of-Bounds Write Vulnerability | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. |
| CVE-2022-42827 | 7.5 | High | Apple | Apple iOS and iPadOS Out-of-Bounds Write Vulnerability | Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. |

Atlassian

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-26138 | 9 | Critical | Atlassian | Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability | Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group. |
| CVE-2022-36804 | 9 | Critical | Atlassian | Atlassian Bitbucket Server and Data Center Command Injection Vulnerability | Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request. |
| CVE-2022-26134 | 7.5 | High | Atlassian | Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability | Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution. |

Cisco

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-20708 | 10 | Critical | Cisco | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). |
| CVE-2022-20703 | 10 | Critical | Cisco | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). |
| CVE-2022-20701 | 10 | Critical | Cisco | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). |
| CVE-2022-20700 | 10 | Critical | Cisco | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). |
| CVE-2022-20699 | 10 | Critical | Cisco | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). |
| CVE-2022-20821 | 6.4 | Medium | Cisco | Cisco IOS XR Open Port Vulnerability | Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container. |

D-LINK

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-28958 | 9.8 | Critical | D-Link | D-Link DIR-816L Remote Code Execution Vulnerability | D-Link DIR-816L contains an unspecified vulnerability in the shareport.php value parameter which allows for remote code execution. |
| CVE-2022-26258 | 7.5 | High | D-Link | D-Link DIR-820L Remote Code Execution Vulnerability | D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution. |

dotCMS

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-26352 | 9.8 | Critical | dotCMS | dotCMS Unrestricted Upload of File Vulnerability | dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution. |

F5-BIG IP

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-1388 | 7.5 | High | F5 | F5 BIG-IP Missing Authentication Vulnerability | F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services. |

Fortinet

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-40684 | 10 | Critical | Fortinet | Fortinet Multiple Products Authentication Bypass Vulnerability | Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. |

Google

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-3075 | 9.6 | Critical | Google | Google Chromium Insufficient Data Validation Vulnerability | Google Chromium Mojo contains an insufficient data validation vulnerability. Impacts from exploitation are not yet known. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge. |
| CVE-2022-4135 | 9.6 | Critical | Google | Google Chromium Heap Buffer Overflow Vulnerability | Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge. |
| CVE-2022-1096 | 8.8 | High | Google | Google Chromium V8 Type Confusion Vulnerability | The vulnerability exists due to a type confusion error within the V8 component in Chromium, affecting all Chromium-based browsers. |
| CVE-2022-1364 | 8.8 | High | Google | Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 engine contains a type confusion vulnerability. |
| CVE-2022-3723 | 8.8 | High | Google | Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. |
| CVE-2022-4262 | 8.8 | High | Google | Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. |
| CVE-2022-0609 | 7.5 | High | Google | Google Chrome Use-After-Free Vulnerability | The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. |
| CVE-2022-2856 | 6.5 | Medium | Google | Google Chrome Intents Insufficient Input Validation Vulnerability | Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. |

Linux

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-0847 | 7.2 | High | Linux | Linux Kernel Privilege Escalation Vulnerability | Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of “Dirty Pipe.” |

Microsoft

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-21882 | 10 | Critical | Microsoft | Microsoft Win32k Privilege Escalation Vulnerability | Microsoft Win32k contains an unspecified vulnerability which allows for privilege escalation. |
| CVE-2022-24521 | 10 | Critical | Microsoft | Microsoft Windows CLFS Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2022-26904 | 10 | Critical | Microsoft | Microsoft Windows User Profile Service Privilege Escalation Vulnerability | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2022-21919 | 10 | Critical | Microsoft | Microsoft Windows User Profile Service Privilege Escalation Vulnerability | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2022-37969 | 10 | Critical | Microsoft | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation. |
| CVE-2022-41082 | 10 | Critical | Microsoft | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server contains an unspecified vulnerability which allows for authenticated remote code execution. Dubbed “ProxyNotShell,” this vulnerability is chainable with CVE-2022-41040 which allows for remote code execution. |
| CVE-2022-41040 | 10 | Critical | Microsoft | Microsoft Exchange Server Server-Side Request Forgery Vulnerability | Microsoft Exchange Server allows for server-side request forgery. Dubbed “ProxyNotShell,” this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution. |
| CVE-2022-21999 | 9.3 | Critical | Microsoft | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation. |
| CVE-2022-22718 | 9.3 | Critical | Microsoft | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Microsoft Windows Print Spooler contains an unspecified vulnerability which allows for privilege escalation. |
| CVE-2022-30190 | 9.3 | Critical | Microsoft | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application. |
| CVE-2022-26925 | 9.3 | Critical | Microsoft | Microsoft Windows LSA Spoofing Vulnerability | Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM. |
| CVE-2022-26923 | 9.3 | Critical | Microsoft | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability | An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM. |
| CVE-2022-21971 | 9.3 | Critical | Microsoft | Microsoft Windows Runtime Remote Code Execution Vulnerability | Microsoft Windows Runtime contains an unspecified vulnerability which allows for remote code execution. |
| CVE-2022-22047 | 8.5 | High | Microsoft | Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability | Microsoft Windows CSRSS contains an unspecified vulnerability which allows for privilege escalation to SYSTEM privileges. |
| CVE-2022-41033 | 7.8 | High | Microsoft | Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability | Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2022-34713 | 7.6 | High | Microsoft | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application. |
| CVE-2022-41091 | 7.6 | High | Microsoft | Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. |
| CVE-2022-41073 | 7.6 | High | Microsoft | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Microsoft Windows Print Spooler contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges. |
| CVE-2022-41125 | 7.6 | High | Microsoft | Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges. |
| CVE-2022-41128 | 7.6 | High | Microsoft | Microsoft Windows Scripting Languages Remote Code Execution Vulnerability | Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution. |
| CVE-2022-41049 | 7.6 | High | Microsoft | Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. |

MiTel

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-26143 | 9.8 | Critical | Mitel | MiCollab, MiVoice Business Express Access Control Vulnerability | A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system. |
| CVE-2022-29499 | 9.8 | Critical | Mitel | Mitel MiVoice Connect Data Validation Vulnerability | The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation. |

Mozilla

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-26485 | 7.2 | High | Mozilla | Mozilla Firefox Use-After-Free Vulnerability | Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. |
| CVE-2022-26486 | 5.9 | Medium | Mozilla | Mozilla Firefox Use-After-Free Vulnerability | Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. |

Palo Alto

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-0028 | 7.8 | High | Palo Alto Networks | Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability | A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. |

Sophos

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-1040 | 7.5 | High | Sophos | Sophos Firewall Authentication Bypass Vulnerability | An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution. |
| CVE-2022-3236 | 7.5 | High | Sophos | Sophos Firewall Code Injection Vulnerability | A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution. |

Trend Micro

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-26871 | 7.5 | High | Trend Micro | Trend Micro Apex Central Arbitrary File Upload Vulnerability | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. |
| CVE-2022-40139 | 7.2 | High | Trend Micro | Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability | Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution. |

VMware

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-22954 | 10 | Critical | VMware | VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability | VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. |
| CVE-2022-22947 | 10 | Critical | VMware | VMware Spring Cloud Gateway Code Injection Vulnerability | Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. |
| CVE-2022-22965 | 7.5 | High | VMware | Spring Framework JDK 9+ Remote Code Execution Vulnerability | Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. |
| CVE-2022-22960 | 7.3 | High | VMware | VMware Multiple Products Privilege Escalation Vulnerability | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. |
| CVE-2022-22963 | 7.5 | High | VMware Tanzu | VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability | When using routing functionality in VMware Tanzu’s Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. |

Zimbra

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-23131 | 9.8 | Critical | Zabbix | Zabbix Frontend Authentication Bypass Vulnerability | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML. |
| CVE-2022-23134 | 5.3 | Medium | Zabbix | Zabbix Frontend Improper Access Control Vulnerability | Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. |
| CVE-2022-37042 | 10 | Critical | Zimbra | Zimbra Collaboration (ZCS) Authentication Bypass Vulnerability | Zimbra Collaboration (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution. |
| CVE-2022-41352 | 10 | Critical | Zimbra | Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability | Zimbra Collaboration (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts. |
| CVE-2022-27924 | 7.5 | High | Zimbra | Zimbra Collaboration (ZCS) Command Injection Vulnerability | Zimbra Collaboration (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. |
| CVE-2022-27925 | 7.3 | High | Zimbra | Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability | Zimbra Collaboration (ZCS) contains a flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution. |
| CVE-2022-24682 | 6.1 | Medium | Zimbra | Zimbra Webmail Cross-Site Scripting Vulnerability | Zimbra webmail clients running versions 8.8.15 P29 & P30 contain an XSS vulnerability that would allow attackers to steal session cookie files. |

ZOHO

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-35405 | 10 | Critical | Zoho | Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability | Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution. |

Other Vulnerabilities

| CVE ID | CVSS Score v3.1 | Severity | OEM | Vulnerability Title | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-31460 | 7.4 | High | Owl Labs | Meeting Owl Pro and Whiteboard Owl Hard-Coded Credentials Vulnerability | Owl Labs Meeting Owl and Whiteboard Owl allow attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. |
| CVE-2022-27593 | 9.1 | Critical | QNAP | QNAP Photo Station Externally Controlled Reference Vulnerability | Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign. |
| CVE-2022-30333 | 7.5 | High | RARLAB | RARLAB UnRAR Directory Traversal Vulnerability | RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation. |
| CVE-2022-0543 | 10 | Critical | Redis | Debian-specific Redis Server Lua Sandbox Escape Vulnerability | Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. |
| CVE-2022-22536 | 10 | Critical | SAP | SAP Multiple Products HTTP Request Smuggling Vulnerability | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim’s request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches. |
| CVE-2022-26318 | 9.8 | Critical | WatchGuard | WatchGuard Firebox and XTM Appliances Arbitrary Code Execution | On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. |
| CVE-2022-23176 | 8.8 | High | WatchGuard | WatchGuard Firebox and XTM Privilege Escalation Vulnerability | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. |
| CVE-2022-2294 | 8.8 | High | WebRTC | WebRTC Heap Buffer Overflow Vulnerability | WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability which allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome. |
| CVE-2022-29464 | 10 | Critical | WSO2 | WSO2 Multiple Products Unrestrictive Upload of File Vulnerability | Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution. |
| CVE-2022-35405 | 10 | Critical | Zoho | Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability | Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution. |
| CVE-2022-30525 | 10 | Critical | Zyxel | Zyxel Multiple Firewalls OS Command Injection Vulnerability | A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. |
