CVE-2022-27078

CWE-77Command InjectionCWE-78OS Command Injection8 documents4 sources
Severity
9.8CRITICAL
EPSS
14.3%
top 5.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda M3 Firmware
Timeline
PublishedMar 24
Latest updateFeb 12

Description

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtenda/m3_firmware1.0.0.12\(4856\)

🔴Vulnerability Details

7
OSV
linux-azure, linux-azure-fips vulnerabilities2026-02-12
OSV
linux-gcp-fips vulnerabilities2026-02-11
OSV
linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15 vulnerabilities2026-02-05
OSV
linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle vulnerabilities2026-01-29
OSV
linux-aws-fips, linux-fips vulnerabilities2026-01-29
CVE-2022-27078 (CRITICAL CVSS 9.8) | Tenda M3 1.10 V1.0.0.12(4856) was d | cvebase.io