CVE-2022-27078
published 2022-03-24CVE-2022-27078: Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.65%
83.8th percentile
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 0 < 4.15.0-246.258 | 4.15.0-246.258 |
| tenda | m3_firmware | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-azure, linux-azure-fips vulnerabilities
osv·2026-02-12·CVSS 5.5
CVE-2022-48986 linux-azure, linux-azure-fips vulnerabilities
linux-azure, linux-azure-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- NVME drivers;
- File systems infrastructure;
- Timer subsystem;
- Memory management;
- Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195,
CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
OSV
linux-gcp-fips vulnerabilities
osv·2026-02-11·CVSS 5.5
CVE-2022-48986 linux-gcp-fips vulnerabilities
linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- NVME drivers;
- File systems infrastructure;
- Timer subsystem;
- Memory management;
- Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195,
CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
OSV
linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15 vulnerabilities
osv·2026-02-05·CVSS 5.5
CVE-2022-48986 linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15 vulnerabilities
linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- NVME drivers;
- File systems infrastructure;
- Timer subsystem;
- Memory management;
- Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195,
CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
OSV
linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2026-01-29·CVSS 5.5
CVE-2022-48986 linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- NVME drivers;
- File systems infrastructure;
- Timer subsystem;
- Memory management;
- Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195,
CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
OSV
linux-aws-fips, linux-fips vulnerabilities
osv·2026-01-29·CVSS 5.5
CVE-2022-48986 linux-aws-fips, linux-fips vulnerabilities
linux-aws-fips, linux-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- NVME drivers;
- File systems infrastructure;
- Timer subsystem;
- Memory management;
- Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195,
CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
GHSA
GHSA-f9p9-wj8w-j3hj: Tenda M3 1
ghsa_unreviewed·2022-03-25
CVE-2022-27078 [CRITICAL] CWE-78 GHSA-f9p9-wj8w-j3hj: Tenda M3 1
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-03-24
Published