Aggregates CVE and security vulnerability intelligence across all allnet-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk command injection and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-29269 | ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint. | [email protected] | 9.8 | 0.51% | 2025-12-04 | 2025-12-16 |
| CVE-2025-29268 | ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library. | [email protected] | 9.8 | 0.05% | 2025-12-04 | 2025-12-16 |
| CVE-2022-34767 | Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone to Authorization bypass vulnerability – the password, located at "admin" allows changing the http[s]://wizardpwd.asp/cgi-bin. Does not validate the user's identity and can be accessed publicly. | [email protected] | 5.9 | 0.20% | 2022-07-21 | 2024-11-21 |