CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42055
https://notcve.org/view.php?id=CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. Múltiples vulnerabilidades de inyección de comandos en GL.iNet GoodCloud IoT Device Management System versión 1.00.220412.00 a través de las herramientas ping y traceroute permiten a los atacantes leer archivos arbitrarios en el sistema. • https://boschko.ca/glinet-router • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42054
https://notcve.org/view.php?id=CVE-2022-42054
Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. Múltiples vulnerabilidades de Stored Cross-Site Scripting (XSS) en GL.iNet GoodCloud IoT Device Management System Versión 1.00.220412.00 permiten a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en Company Name y Description text. • https://boschko.ca/glinet-router • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •