Vulnerabilites related to totolink - a7100ru
Vulnerability from fkie_nvd
Published
2022-11-25 20:15
Modified
2024-11-21 07:28
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.", }, { lang: "es", value: "Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comando a través del parámetro pass en la función settings/setOpenVpnCfg.", }, ], id: "CVE-2022-44844", lastModified: "2024-11-21T07:28:30.137", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-25T20:15:11.140", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-21 15:15
Modified
2025-03-14 19:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.", }, ], id: "CVE-2023-24184", lastModified: "2025-03-14T19:15:41.630", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-02-21T15:15:12.197", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://github.com/fuxianghah/IOT/tree/main/Motorala/MR2600/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://github.com/fuxianghah/IOT/tree/main/Motorala/MR2600/13", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-25 01:15
Modified
2024-11-21 08:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/unpWn4bL3/iot-security/blob/main/2.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.248942 | Permissions Required, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.248942 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/unpWn4bL3/iot-security/blob/main/2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.248942 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.248942 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Totolink A7100RU 7.4cu.2313_B20191024 y clasificada como crítica. La función main del archivo /cgi-bin/cstecgi.cgi?action=login del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulación del indicador de argumento provoca un desbordamiento de búfer. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-248942 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2023-7095", lastModified: "2024-11-21T08:45:14.423", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-25T01:15:08.203", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/unpWn4bL3/iot-security/blob/main/2.md", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.248942", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.248942", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/unpWn4bL3/iot-security/blob/main/2.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.248942", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.248942", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-15 22:15
Modified
2024-11-21 07:30
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.", }, { lang: "es", value: "Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro wscDisabled en la función settings/setWiFiSignalCfg.", }, ], id: "CVE-2022-46631", lastModified: "2024-11-21T07:30:49.730", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-15T22:15:10.383", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz delParentalRules del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida", }, ], id: "CVE-2022-28577", lastModified: "2024-11-21T06:57:31.973", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T18:15:09.657", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-28 23:15
Modified
2025-02-18 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/32 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/32 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.", }, ], id: "CVE-2023-27232", lastModified: "2025-02-18T21:15:16.040", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-28T23:15:09.143", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/32", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-15 22:15
Modified
2024-11-21 07:30
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.", }, { lang: "es", value: "Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro wscDisabled en la función setting/setWiFiWpsCfg.", }, ], id: "CVE-2022-46634", lastModified: "2024-11-21T07:30:49.887", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-15T22:15:10.450", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setWiFiSignalCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida", }, ], id: "CVE-2022-28582", lastModified: "2024-11-21T06:57:32.713", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T18:15:09.887", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-05 15:15
Modified
2025-01-29 18:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/161 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/161 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.", }, ], id: "CVE-2023-30054", lastModified: "2025-01-29T18:15:45.943", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-05T15:15:10.070", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/161", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setWiFiWpsStart del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida", }, ], id: "CVE-2022-28584", lastModified: "2024-11-21T06:57:32.990", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T18:15:09.983", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setWiFiWpsCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida", }, ], id: "CVE-2022-28583", lastModified: "2024-11-21T06:57:32.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T18:15:09.930", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-08 14:15
Modified
2024-11-21 07:49
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/22 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/22 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.", }, ], id: "CVE-2023-25395", lastModified: "2024-11-21T07:49:28.240", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-08T14:15:09.760", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/22", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/5 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/5 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setL2tpServerCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida", }, ], id: "CVE-2022-28580", lastModified: "2024-11-21T06:57:32.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T18:15:09.797", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/5", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-06 15:15
Modified
2025-03-25 19:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/18 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/18 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.", }, ], id: "CVE-2023-24276", lastModified: "2025-03-25T19:15:41.437", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-02-06T15:15:11.267", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/18", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-28 22:15
Modified
2025-02-18 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/30 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/30 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.", }, ], id: "CVE-2023-27229", lastModified: "2025-02-18T21:15:15.590", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-28T22:15:09.500", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/30", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-20 15:15
Modified
2024-11-21 07:32
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/15 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/15 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.", }, { lang: "es", value: "Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro servername en la función settings/delStaticDhcpRules.", }, ], id: "CVE-2022-48123", lastModified: "2024-11-21T07:32:53.133", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-20T15:15:14.827", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/15", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-20 15:15
Modified
2024-11-21 07:32
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/12 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/12 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.", }, { lang: "es", value: "Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro de nombre de usuario en la función configuración/setOpenVpnCertGenerationCfg.", }, ], id: "CVE-2022-48126", lastModified: "2024-11-21T07:32:53.563", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-20T15:15:16.003", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/12", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-07 04:15
Modified
2025-02-12 20:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/28 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/28 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.", }, ], id: "CVE-2023-26978", lastModified: "2025-02-12T20:15:31.160", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-07T04:15:41.213", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/28", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-07 21:15
Modified
2025-01-07 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/37 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/37 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.", }, { lang: "es", value: "Se descubrió que TOTOLink A7100RU V7.4cu.2313_B20191024 contenía una vulnerabilidad de inyección de comandos a través del parámetro staticGw en /setting/setWanIeCfg.", }, ], id: "CVE-2023-33556", lastModified: "2025-01-07T15:15:08.523", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-07T21:15:13.567", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/37", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-16 15:15
Modified
2025-03-18 20:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/20 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/20 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.", }, ], id: "CVE-2023-24238", lastModified: "2025-03-18T20:15:18.333", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-02-16T15:15:19.193", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/20", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-20 15:15
Modified
2024-11-21 07:32
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/14 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/14 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.", }, { lang: "es", value: "Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro FileName en la función settings/setOpenVpnCertGenerationCfg.", }, ], id: "CVE-2022-48124", lastModified: "2024-11-21T07:32:53.280", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-20T15:15:15.277", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/14", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-28 22:15
Modified
2025-02-18 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/31 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/31 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.", }, ], id: "CVE-2023-27231", lastModified: "2025-02-18T21:15:15.820", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-28T22:15:09.550", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/31", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-25 20:15
Modified
2024-11-21 07:28
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:*:*:*:*:*:*:*:*", matchCriteriaId: "8907613D-5F55-4732-8592-A30D1AC7558E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.", }, { lang: "es", value: "Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro de puerto en la función configuración/setOpenVpnClientCfg.", }, ], id: "CVE-2022-44843", lastModified: "2024-11-21T07:28:29.990", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-25T20:15:11.090", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setOpenVpnCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida", }, ], id: "CVE-2022-28578", lastModified: "2024-11-21T06:57:32.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T18:15:09.707", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-16 15:15
Modified
2025-03-18 20:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/19 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/19 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.", }, ], id: "CVE-2023-24236", lastModified: "2025-03-18T20:15:18.160", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-02-16T15:15:18.980", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/19", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-20 15:15
Modified
2024-11-21 07:32
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/17 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/17 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.", }, { lang: "es", value: "Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro dayvalid en la función settings/delStaticDhcpRules.", }, ], id: "CVE-2022-48122", lastModified: "2024-11-21T07:32:52.990", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-20T15:15:14.553", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/17", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-18 04:15
Modified
2024-11-21 08:44
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/unpWn4bL3/iot-security/blob/main/1.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.248268 | Permissions Required, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.248268 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/unpWn4bL3/iot-security/blob/main/1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.248268 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.248268 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Totolink A7100RU 7.4cu.2313_B20191024 y clasificada como crítica. La función main del archivo /cgi-bin/cstecgi.cgi?action=login del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulación del argumento flag con la entrada ie8 provoca un desbordamiento de búfer. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248268. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.", }, ], id: "CVE-2023-6906", lastModified: "2024-11-21T08:44:48.533", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-18T04:15:51.227", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/unpWn4bL3/iot-security/blob/main/1.md", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.248268", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.248268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/unpWn4bL3/iot-security/blob/main/1.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.248268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.248268", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "cna@vuldb.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-20 15:15
Modified
2024-11-21 07:32
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/13 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/13 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.", }, { lang: "es", value: "Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comando a través del parámetro de contraseña en la función configuración/setOpenVpnCertGenerationCfg.", }, ], id: "CVE-2022-48125", lastModified: "2024-11-21T07:32:53.417", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-20T15:15:15.713", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/13", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-23 15:15
Modified
2025-02-25 19:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/29 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/29 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.", }, ], id: "CVE-2023-27135", lastModified: "2025-02-25T19:15:13.030", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-23T15:15:12.120", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/29", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload", }, { lang: "es", value: "Se ha detectado que se presenta una vulnerabilidad de inyección de comandos en la interfaz setopenvpnclientcfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a atacantes ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida", }, ], id: "CVE-2022-28575", lastModified: "2024-11-21T06:57:31.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T18:15:09.613", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-05 15:15
Modified
2025-01-29 18:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/160 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/160 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.", }, ], id: "CVE-2023-30053", lastModified: "2025-01-29T18:15:45.713", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-05T15:15:10.020", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/160", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/4 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/4 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setParentalRules del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida", }, ], id: "CVE-2022-28579", lastModified: "2024-11-21T06:57:32.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T18:15:09.750", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/4", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-07 03:15
Modified
2025-02-12 20:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/23 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/23 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.", }, ], id: "CVE-2023-26848", lastModified: "2025-02-12T20:15:30.547", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-07T03:15:07.030", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/23", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-20 15:15
Modified
2024-11-21 07:32
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/16 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/16 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.", }, { lang: "es", value: "Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro rsabits en la función settings/delStaticDhcpRules.", }, ], id: "CVE-2022-48121", lastModified: "2024-11-21T07:32:52.847", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-20T15:15:14.267", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/16", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/9 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/9 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setWiFiAdvancedCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida", }, ], id: "CVE-2022-28581", lastModified: "2024-11-21T06:57:32.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T18:15:09.843", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/9", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-17 19:15
Modified
2024-11-21 07:32
Severity ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Am1ngl/ttt/tree/main/16 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Am1ngl/ttt/tree/main/16 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a7100ru_firmware | 7.4cu.2313_b20191024 | |
| totolink | a7100ru | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a7100ru_firmware:7.4cu.2313_b20191024:*:*:*:*:*:*:*", matchCriteriaId: "83C47206-6608-4258-A2FE-D15C5637192D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DD0831-0EB3-4F09-B4E4-6165E53AB6A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.", }, { lang: "es", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 es afectada por una vulnerabilidad de inyección de comandos en el servicio httpd. Un atacante puede obtener un shell root estable a través de un payload especialmente construido.", }, ], id: "CVE-2022-47853", lastModified: "2024-11-21T07:32:24.897", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-17T19:15:11.607", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Am1ngl/ttt/tree/main/16", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-6906
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 08:42
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.248268 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.248268 | signature, permissions-required | |
| https://github.com/unpWn4bL3/iot-security/blob/main/1.md | exploit |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:42:08.655Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.248268", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.248268", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/unpWn4bL3/iot-security/blob/main/1.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { modules: [ "HTTP POST Request Handler", ], product: "A7100RU", vendor: "Totolink", versions: [ { status: "affected", version: "7.4cu.2313_B20191024", }, ], }, ], credits: [ { lang: "en", type: "analyst", value: "unpWn4bl3 (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Totolink A7100RU 7.4cu.2313_B20191024 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion main der Datei /cgi-bin/cstecgi.cgi?action=login der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments flag mit der Eingabe ie8 mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV3_0: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, { cvssV2_0: { baseScore: 10, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-18T00:00:07.209Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.248268", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.248268", }, { tags: [ "exploit", ], url: "https://github.com/unpWn4bL3/iot-security/blob/main/1.md", }, ], timeline: [ { lang: "en", time: "2023-12-17T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2023-12-17T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2023-12-17T09:36:26.000Z", value: "VulDB entry last update", }, ], title: "Totolink A7100RU HTTP POST Request main buffer overflow", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2023-6906", datePublished: "2023-12-18T00:00:07.209Z", dateReserved: "2023-12-17T08:31:17.379Z", dateUpdated: "2024-08-02T08:42:08.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46631
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.210Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-15T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-46631", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-12-05T00:00:00", dateUpdated: "2024-08-03T14:39:38.210Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28577
Vulnerability from cvelistv5
Published
2022-05-05 17:33
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.072Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T17:33:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28577", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3", refsource: "MISC", url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/3", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28577", datePublished: "2022-05-05T17:33:23", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.072Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28578
Vulnerability from cvelistv5
Published
2022-05-05 17:36
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.133Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T17:36:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28578", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2", refsource: "MISC", url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28578", datePublished: "2022-05-05T17:36:23", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27135
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2025-02-25 18:36
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:01:32.402Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/29", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-27135", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T18:34:52.450059Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-25T18:36:26.711Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-23T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/29", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-27135", datePublished: "2023-03-23T00:00:00.000Z", dateReserved: "2023-02-27T00:00:00.000Z", dateUpdated: "2025-02-25T18:36:26.711Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48122
Vulnerability from cvelistv5
Published
2023-01-20 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.677Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/17", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/17", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-48122", datePublished: "2023-01-20T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T15:02:36.677Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30053
Vulnerability from cvelistv5
Published
2023-05-05 00:00
Modified
2025-01-29 17:39
Severity ?
EPSS score ?
Summary
TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:21:44.263Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/160", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-30053", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T17:39:09.939046Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T17:39:17.816Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-05T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/160", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-30053", datePublished: "2023-05-05T00:00:00.000Z", dateReserved: "2023-04-07T00:00:00.000Z", dateUpdated: "2025-01-29T17:39:17.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48123
Vulnerability from cvelistv5
Published
2023-01-20 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.698Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/15", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/15", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-48123", datePublished: "2023-01-20T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T15:02:36.698Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-44843
Vulnerability from cvelistv5
Published
2022-11-25 00:00
Modified
2024-08-03 14:01
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:01:31.487Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-25T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-44843", datePublished: "2022-11-25T00:00:00", dateReserved: "2022-11-07T00:00:00", dateUpdated: "2024-08-03T14:01:31.487Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25395
Vulnerability from cvelistv5
Published
2023-03-08 00:00
Modified
2024-08-02 11:18
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:18:36.344Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/22", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-08T13:16:03.181607", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/22", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-25395", datePublished: "2023-03-08T00:00:00", dateReserved: "2023-02-06T00:00:00", dateUpdated: "2024-08-02T11:18:36.344Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24276
Vulnerability from cvelistv5
Published
2023-02-06 00:00
Modified
2025-03-25 18:29
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:56:02.616Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/18", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-24276", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-25T18:27:46.960776Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T18:29:01.110Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-06T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/18", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-24276", datePublished: "2023-02-06T00:00:00.000Z", dateReserved: "2023-01-23T00:00:00.000Z", dateUpdated: "2025-03-25T18:29:01.110Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-26978
Vulnerability from cvelistv5
Published
2023-04-07 00:00
Modified
2025-02-12 20:06
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:01:31.985Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/28", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-26978", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T20:06:34.261909Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T20:06:53.573Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-07T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/28", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-26978", datePublished: "2023-04-07T00:00:00.000Z", dateReserved: "2023-02-27T00:00:00.000Z", dateUpdated: "2025-02-12T20:06:53.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30054
Vulnerability from cvelistv5
Published
2023-05-05 00:00
Modified
2025-01-29 17:38
Severity ?
EPSS score ?
Summary
TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:21:44.406Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/161", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-30054", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T17:37:39.494658Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T17:38:25.913Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-05T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/161", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-30054", datePublished: "2023-05-05T00:00:00.000Z", dateReserved: "2023-04-07T00:00:00.000Z", dateUpdated: "2025-01-29T17:38:25.913Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24236
Vulnerability from cvelistv5
Published
2023-02-16 00:00
Modified
2025-03-18 19:19
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:56:02.615Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/19", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-24236", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-18T19:19:08.948846Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T19:19:25.325Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-16T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/19", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-24236", datePublished: "2023-02-16T00:00:00.000Z", dateReserved: "2023-01-23T00:00:00.000Z", dateUpdated: "2025-03-18T19:19:25.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28582
Vulnerability from cvelistv5
Published
2022-05-05 17:44
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.010Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T17:44:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28582", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", refsource: "MISC", url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28582", datePublished: "2022-05-05T17:44:23", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.010Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33556
Vulnerability from cvelistv5
Published
2023-06-07 00:00
Modified
2025-01-07 14:24
Severity ?
EPSS score ?
Summary
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:47:05.755Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/37", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-33556", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T14:24:35.018791Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T14:24:42.193Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-07T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/37", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-33556", datePublished: "2023-06-07T00:00:00", dateReserved: "2023-05-22T00:00:00", dateUpdated: "2025-01-07T14:24:42.193Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46634
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:38.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-15T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-46634", datePublished: "2022-12-15T00:00:00", dateReserved: "2022-12-05T00:00:00", dateUpdated: "2024-08-03T14:39:38.871Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48121
Vulnerability from cvelistv5
Published
2023-01-20 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.700Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/16", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-48121", datePublished: "2023-01-20T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T15:02:36.700Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28580
Vulnerability from cvelistv5
Published
2022-05-05 17:40
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/5 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T17:40:56", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/5", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28580", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/5", refsource: "MISC", url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/5", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28580", datePublished: "2022-05-05T17:40:56", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24238
Vulnerability from cvelistv5
Published
2023-02-16 00:00
Modified
2025-03-18 19:17
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:56:02.620Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/20", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-24238", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-18T19:16:44.937860Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T19:17:06.099Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-16T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/20", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-24238", datePublished: "2023-02-16T00:00:00.000Z", dateReserved: "2023-01-23T00:00:00.000Z", dateUpdated: "2025-03-18T19:17:06.099Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28583
Vulnerability from cvelistv5
Published
2022-05-05 17:47
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T17:47:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28583", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", refsource: "MISC", url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28583", datePublished: "2022-05-05T17:47:15", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.041Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27232
Vulnerability from cvelistv5
Published
2023-03-28 00:00
Modified
2025-02-18 20:15
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:01:32.585Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/32", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-27232", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T20:14:59.104292Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-18T20:15:21.121Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-28T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/32", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-27232", datePublished: "2023-03-28T00:00:00.000Z", dateReserved: "2023-02-27T00:00:00.000Z", dateUpdated: "2025-02-18T20:15:21.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28581
Vulnerability from cvelistv5
Published
2022-05-05 17:42
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/9 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.022Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T17:42:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/9", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28581", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/9", refsource: "MISC", url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/9", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28581", datePublished: "2022-05-05T17:42:41", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.022Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24184
Vulnerability from cvelistv5
Published
2023-02-21 00:00
Modified
2025-03-14 18:31
Severity ?
EPSS score ?
Summary
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:49:09.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/fuxianghah/IOT/tree/main/Motorala/MR2600/13", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-24184", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-14T18:31:31.363307Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T18:31:34.919Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-21T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/fuxianghah/IOT/tree/main/Motorala/MR2600/13", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-24184", datePublished: "2023-02-21T00:00:00.000Z", dateReserved: "2023-01-23T00:00:00.000Z", dateUpdated: "2025-03-14T18:31:34.919Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-7095
Vulnerability from cvelistv5
Published
2023-12-25 00:31
Modified
2024-08-02 08:50
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.248942 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.248942 | signature, permissions-required | |
| https://github.com/unpWn4bL3/iot-security/blob/main/2.md | exploit |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:50:07.933Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.248942", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.248942", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/unpWn4bL3/iot-security/blob/main/2.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { modules: [ "HTTP POST Request Handler", ], product: "A7100RU", vendor: "Totolink", versions: [ { status: "affected", version: "7.4cu.2313_B20191024", }, ], }, ], credits: [ { lang: "en", type: "analyst", value: "unpWn4bl3 (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Eine kritische Schwachstelle wurde in Totolink A7100RU 7.4cu.2313_B20191024 entdeckt. Dies betrifft die Funktion main der Datei /cgi-bin/cstecgi.cgi?action=login der Komponente HTTP POST Request Handler. Dank Manipulation des Arguments flag mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV3_0: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, { cvssV2_0: { baseScore: 10, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-25T00:31:04.022Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.248942", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.248942", }, { tags: [ "exploit", ], url: "https://github.com/unpWn4bL3/iot-security/blob/main/2.md", }, ], timeline: [ { lang: "en", time: "2023-12-24T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2023-12-24T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2023-12-24T09:16:03.000Z", value: "VulDB entry last update", }, ], title: "Totolink A7100RU HTTP POST Request main buffer overflow", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2023-7095", datePublished: "2023-12-25T00:31:04.022Z", dateReserved: "2023-12-24T08:10:53.292Z", dateUpdated: "2024-08-02T08:50:07.933Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48124
Vulnerability from cvelistv5
Published
2023-01-20 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.712Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/14", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-48124", datePublished: "2023-01-20T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T15:02:36.712Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48125
Vulnerability from cvelistv5
Published
2023-01-20 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.705Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/13", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/13", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-48125", datePublished: "2023-01-20T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T15:02:36.705Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28584
Vulnerability from cvelistv5
Published
2022-05-05 17:26
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.123Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T17:26:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28584", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8", refsource: "MISC", url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/8", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28584", datePublished: "2022-05-05T17:26:18", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.123Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28575
Vulnerability from cvelistv5
Published
2022-05-05 17:28
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.074Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T17:28:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28575", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1", refsource: "MISC", url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28575", datePublished: "2022-05-05T17:28:45", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.074Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-26848
Vulnerability from cvelistv5
Published
2023-04-07 00:00
Modified
2025-02-12 20:07
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:53:54.429Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/23", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-26848", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T20:07:22.447294Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T20:07:41.552Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-07T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/23", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-26848", datePublished: "2023-04-07T00:00:00.000Z", dateReserved: "2023-02-27T00:00:00.000Z", dateUpdated: "2025-02-12T20:07:41.552Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-44844
Vulnerability from cvelistv5
Published
2022-11-25 00:00
Modified
2024-08-03 14:01
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:01:31.347Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-25T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-44844", datePublished: "2022-11-25T00:00:00", dateReserved: "2022-11-07T00:00:00", dateUpdated: "2024-08-03T14:01:31.347Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27229
Vulnerability from cvelistv5
Published
2023-03-28 00:00
Modified
2025-02-18 20:17
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:01:32.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/30", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-27229", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T20:16:38.626947Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-18T20:17:02.103Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-28T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/30", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-27229", datePublished: "2023-03-28T00:00:00.000Z", dateReserved: "2023-02-27T00:00:00.000Z", dateUpdated: "2025-02-18T20:17:02.103Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48126
Vulnerability from cvelistv5
Published
2023-01-20 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.652Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/12", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/12", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-48126", datePublished: "2023-01-20T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T15:02:36.652Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27231
Vulnerability from cvelistv5
Published
2023-03-28 00:00
Modified
2025-02-18 20:16
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:01:32.393Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/31", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-27231", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T20:15:52.670808Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-18T20:16:12.914Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-28T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/31", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-27231", datePublished: "2023-03-28T00:00:00.000Z", dateReserved: "2023-02-27T00:00:00.000Z", dateUpdated: "2025-02-18T20:16:12.914Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47853
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.420Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Am1ngl/ttt/tree/main/16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-17T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Am1ngl/ttt/tree/main/16", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-47853", datePublished: "2023-01-17T00:00:00", dateReserved: "2022-12-21T00:00:00", dateUpdated: "2024-08-03T15:02:36.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28579
Vulnerability from cvelistv5
Published
2022-05-05 17:38
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/4 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.094Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T17:38:56", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/4", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28579", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/4", refsource: "MISC", url: "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/4", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28579", datePublished: "2022-05-05T17:38:56", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.094Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202312-0393
Vulnerability from variot
A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of A7100RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router made by China Zeon Electronics (TOTOLINK) Company.
Totolink A7100RU 7.4cu.2313_B20191024 version has a buffer overflow vulnerability. A remote attacker can use this vulnerability to execute arbitrary code on the system or Lead to denial of service attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0393", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru 7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-99634", }, { db: "JVNDB", id: "JVNDB-2023-020316", }, { db: "NVD", id: "CVE-2023-6906", }, ], }, cve: "CVE-2023-6906", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "cna@vuldb.com", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2023-6906", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2023-99634", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "cna@vuldb.com", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-6906", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-6906", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "cna@vuldb.com", id: "CVE-2023-6906", trust: 1, value: "CRITICAL", }, { author: "nvd@nist.gov", id: "CVE-2023-6906", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-6906", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2023-99634", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-99634", }, { db: "JVNDB", id: "JVNDB-2023-020316", }, { db: "NVD", id: "CVE-2023-6906", }, { db: "NVD", id: "CVE-2023-6906", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of A7100RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router made by China Zeon Electronics (TOTOLINK) Company. \n\r\n\r\nTotolink A7100RU 7.4cu.2313_B20191024 version has a buffer overflow vulnerability. A remote attacker can use this vulnerability to execute arbitrary code on the system or Lead to denial of service attacks", sources: [ { db: "NVD", id: "CVE-2023-6906", }, { db: "JVNDB", id: "JVNDB-2023-020316", }, { db: "CNVD", id: "CNVD-2023-99634", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-6906", trust: 3.2, }, { db: "VULDB", id: "248268", trust: 1.8, }, { db: "JVNDB", id: "JVNDB-2023-020316", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-99634", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-99634", }, { db: "JVNDB", id: "JVNDB-2023-020316", }, { db: "NVD", id: "CVE-2023-6906", }, ], }, id: "VAR-202312-0393", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-99634", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-99634", }, ], }, last_update_date: "2024-08-14T14:01:30.275000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-020316", }, { db: "NVD", id: "CVE-2023-6906", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://github.com/unpwn4bl3/iot-security/blob/main/1.md", }, { trust: 1.8, url: "https://vuldb.com/?id.248268", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2023-6906", }, { trust: 1, url: "https://vuldb.com/?ctiid.248268", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-99634", }, { db: "JVNDB", id: "JVNDB-2023-020316", }, { db: "NVD", id: "CVE-2023-6906", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-99634", }, { db: "JVNDB", id: "JVNDB-2023-020316", }, { db: "NVD", id: "CVE-2023-6906", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-12-21T00:00:00", db: "CNVD", id: "CNVD-2023-99634", }, { date: "2024-01-16T00:00:00", db: "JVNDB", id: "JVNDB-2023-020316", }, { date: "2023-12-18T04:15:51.227000", db: "NVD", id: "CVE-2023-6906", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-12-22T00:00:00", db: "CNVD", id: "CNVD-2023-99634", }, { date: "2024-01-16T06:06:00", db: "JVNDB", id: "JVNDB-2023-020316", }, { date: "2024-05-17T02:34:00.270000", db: "NVD", id: "CVE-2023-6906", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Classic buffer overflow vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-020316", }, ], trust: 0.8, }, }
var-202301-1554
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202301-1554", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313_b20191024", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005581", }, { db: "NVD", id: "CVE-2022-47853", }, ], }, cve: "CVE-2022-47853", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-47853", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-47853", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-47853", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-47853", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202301-1296", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005581", }, { db: "CNNVD", id: "CNNVD-202301-1296", }, { db: "NVD", id: "CVE-2022-47853", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-47853", }, { db: "JVNDB", id: "JVNDB-2022-005581", }, { db: "VULMON", id: "CVE-2022-47853", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-47853", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-005581", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202301-1296", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-47853", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-47853", }, { db: "JVNDB", id: "JVNDB-2022-005581", }, { db: "CNNVD", id: "CNNVD-202301-1296", }, { db: "NVD", id: "CVE-2022-47853", }, ], }, id: "VAR-202301-1554", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:37:05.800000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.totolink.net/", }, { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=222515", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005581", }, { db: "CNNVD", id: "CNNVD-202301-1296", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005581", }, { db: "NVD", id: "CVE-2022-47853", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/16", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-47853", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-47853/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-47853", }, { db: "JVNDB", id: "JVNDB-2022-005581", }, { db: "CNNVD", id: "CNNVD-202301-1296", }, { db: "NVD", id: "CVE-2022-47853", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-47853", }, { db: "JVNDB", id: "JVNDB-2022-005581", }, { db: "CNNVD", id: "CNNVD-202301-1296", }, { db: "NVD", id: "CVE-2022-47853", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-17T00:00:00", db: "VULMON", id: "CVE-2022-47853", }, { date: "2023-06-06T00:00:00", db: "JVNDB", id: "JVNDB-2022-005581", }, { date: "2023-01-17T00:00:00", db: "CNNVD", id: "CNNVD-202301-1296", }, { date: "2023-01-17T19:15:11.607000", db: "NVD", id: "CVE-2022-47853", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-17T00:00:00", db: "VULMON", id: "CVE-2022-47853", }, { date: "2023-06-06T06:42:00", db: "JVNDB", id: "JVNDB-2022-005581", }, { date: "2023-01-28T00:00:00", db: "CNNVD", id: "CNNVD-202301-1296", }, { date: "2023-08-08T14:21:49.707000", db: "NVD", id: "CVE-2022-47853", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202301-1296", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU Command injection vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2022-005581", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202301-1296", }, ], trust: 0.6, }, }
var-202301-1809
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202301-1809", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005995", }, { db: "NVD", id: "CVE-2022-48126", }, ], }, cve: "CVE-2022-48126", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-48126", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-48126", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-48126", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-48126", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202301-1563", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005995", }, { db: "CNNVD", id: "CNNVD-202301-1563", }, { db: "NVD", id: "CVE-2022-48126", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-48126", }, { db: "JVNDB", id: "JVNDB-2022-005995", }, { db: "VULMON", id: "CVE-2022-48126", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-48126", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-005995", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202301-1563", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-48126", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-48126", }, { db: "JVNDB", id: "JVNDB-2022-005995", }, { db: "CNNVD", id: "CNNVD-202301-1563", }, { db: "NVD", id: "CVE-2022-48126", }, ], }, id: "VAR-202301-1809", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:55:00.078000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.totolink.net/", }, { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=222641", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005995", }, { db: "CNNVD", id: "CNNVD-202301-1563", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005995", }, { db: "NVD", id: "CVE-2022-48126", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/12", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-48126", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-48126/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-48126", }, { db: "JVNDB", id: "JVNDB-2022-005995", }, { db: "CNNVD", id: "CNNVD-202301-1563", }, { db: "NVD", id: "CVE-2022-48126", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-48126", }, { db: "JVNDB", id: "JVNDB-2022-005995", }, { db: "CNNVD", id: "CNNVD-202301-1563", }, { db: "NVD", id: "CVE-2022-48126", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48126", }, { date: "2023-06-23T00:00:00", db: "JVNDB", id: "JVNDB-2022-005995", }, { date: "2023-01-20T00:00:00", db: "CNNVD", id: "CNNVD-202301-1563", }, { date: "2023-01-20T15:15:16.003000", db: "NVD", id: "CVE-2022-48126", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48126", }, { date: "2023-06-23T06:40:00", db: "JVNDB", id: "JVNDB-2022-005995", }, { date: "2023-01-29T00:00:00", db: "CNNVD", id: "CNNVD-202301-1563", }, { date: "2023-08-08T14:21:49.707000", db: "NVD", id: "CVE-2022-48126", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202301-1563", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU Command injection vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2022-005995", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202301-1563", }, ], trust: 0.6, }, }
var-202212-1496
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. TOTOLINK of A7100RU The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1496", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023927", }, { db: "NVD", id: "CVE-2022-46634", }, ], }, cve: "CVE-2022-46634", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-46634", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-46634", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-46634", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-46634", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202212-3326", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023927", }, { db: "CNNVD", id: "CNNVD-202212-3326", }, { db: "NVD", id: "CVE-2022-46634", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. TOTOLINK of A7100RU The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-46634", }, { db: "JVNDB", id: "JVNDB-2022-023927", }, { db: "VULMON", id: "CVE-2022-46634", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-46634", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-023927", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202212-3326", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-46634", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-46634", }, { db: "JVNDB", id: "JVNDB-2022-023927", }, { db: "CNNVD", id: "CNNVD-202212-3326", }, { db: "NVD", id: "CVE-2022-46634", }, ], }, id: "VAR-202212-1496", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T15:42:04.575000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023927", }, { db: "NVD", id: "CVE-2022-46634", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/7", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-46634", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-46634/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-46634", }, { db: "JVNDB", id: "JVNDB-2022-023927", }, { db: "CNNVD", id: "CNNVD-202212-3326", }, { db: "NVD", id: "CVE-2022-46634", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-46634", }, { db: "JVNDB", id: "JVNDB-2022-023927", }, { db: "CNNVD", id: "CNNVD-202212-3326", }, { db: "NVD", id: "CVE-2022-46634", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-15T00:00:00", db: "VULMON", id: "CVE-2022-46634", }, { date: "2023-11-30T00:00:00", db: "JVNDB", id: "JVNDB-2022-023927", }, { date: "2022-12-15T00:00:00", db: "CNNVD", id: "CNNVD-202212-3326", }, { date: "2022-12-15T22:15:10.450000", db: "NVD", id: "CVE-2022-46634", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-16T00:00:00", db: "VULMON", id: "CVE-2022-46634", }, { date: "2023-11-30T04:34:00", db: "JVNDB", id: "JVNDB-2022-023927", }, { date: "2022-12-22T00:00:00", db: "CNNVD", id: "CNNVD-202212-3326", }, { date: "2023-08-08T14:21:49.707000", db: "NVD", id: "CVE-2022-46634", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202212-3326", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU in the firmware OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2022-023927", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202212-3326", }, ], trust: 0.6, }, }
var-202302-0453
Vulnerability from variot
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0453", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, ], sources: [ { db: "NVD", id: "CVE-2023-24276", }, ], }, cve: "CVE-2023-24276", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-24276", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-24276", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202302-367", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNNVD", id: "CNNVD-202302-367", }, { db: "NVD", id: "CVE-2023-24276", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules", sources: [ { db: "NVD", id: "CVE-2023-24276", }, { db: "VULMON", id: "CVE-2023-24276", }, ], trust: 0.99, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-24276", trust: 1.7, }, { db: "CNNVD", id: "CNNVD-202302-367", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-24276", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-24276", }, { db: "CNNVD", id: "CNNVD-202302-367", }, { db: "NVD", id: "CVE-2023-24276", }, ], }, id: "VAR-202302-0453", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T15:37:09.494000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "", trust: 0.1, url: "https://github.com/Live-Hack-CVE/CVE-2023-24276 ", }, ], sources: [ { db: "VULMON", id: "CVE-2023-24276", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-24276", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/am1ngl/ttt/tree/main/18", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-24276/", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2023-24276", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-24276", }, { db: "CNNVD", id: "CNNVD-202302-367", }, { db: "NVD", id: "CVE-2023-24276", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-24276", }, { db: "CNNVD", id: "CNNVD-202302-367", }, { db: "NVD", id: "CVE-2023-24276", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-06T00:00:00", db: "VULMON", id: "CVE-2023-24276", }, { date: "2023-02-06T00:00:00", db: "CNNVD", id: "CNNVD-202302-367", }, { date: "2023-02-06T15:15:11.267000", db: "NVD", id: "CVE-2023-24276", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-06T00:00:00", db: "VULMON", id: "CVE-2023-24276", }, { date: "2023-02-14T00:00:00", db: "CNNVD", id: "CNNVD-202302-367", }, { date: "2023-02-13T17:24:12.097000", db: "NVD", id: "CVE-2023-24276", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202302-367", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command injection vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202302-367", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202302-367", }, ], trust: 0.6, }, }
var-202301-1624
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202301-1624", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005996", }, { db: "NVD", id: "CVE-2022-48125", }, ], }, cve: "CVE-2022-48125", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-48125", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-48125", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-48125", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-48125", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202301-1572", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005996", }, { db: "CNNVD", id: "CNNVD-202301-1572", }, { db: "NVD", id: "CVE-2022-48125", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-48125", }, { db: "JVNDB", id: "JVNDB-2022-005996", }, { db: "VULMON", id: "CVE-2022-48125", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-48125", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-005996", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202301-1572", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-48125", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-48125", }, { db: "JVNDB", id: "JVNDB-2022-005996", }, { db: "CNNVD", id: "CNNVD-202301-1572", }, { db: "NVD", id: "CVE-2022-48125", }, ], }, id: "VAR-202301-1624", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:17:29.560000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.totolink.net/", }, { title: "TOTOlink A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=222648", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005996", }, { db: "CNNVD", id: "CNNVD-202301-1572", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005996", }, { db: "NVD", id: "CVE-2022-48125", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/13", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-48125", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-48125/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-48125", }, { db: "JVNDB", id: "JVNDB-2022-005996", }, { db: "CNNVD", id: "CNNVD-202301-1572", }, { db: "NVD", id: "CVE-2022-48125", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-48125", }, { db: "JVNDB", id: "JVNDB-2022-005996", }, { db: "CNNVD", id: "CNNVD-202301-1572", }, { db: "NVD", id: "CVE-2022-48125", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48125", }, { date: "2023-06-23T00:00:00", db: "JVNDB", id: "JVNDB-2022-005996", }, { date: "2023-01-20T00:00:00", db: "CNNVD", id: "CNNVD-202301-1572", }, { date: "2023-01-20T15:15:15.713000", db: "NVD", id: "CVE-2022-48125", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48125", }, { date: "2023-06-23T06:44:00", db: "JVNDB", id: "JVNDB-2022-005996", }, { date: "2023-01-29T00:00:00", db: "CNNVD", id: "CNNVD-202301-1572", }, { date: "2023-08-08T14:21:49.707000", db: "NVD", id: "CVE-2022-48125", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202301-1572", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU Command injection vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2022-005996", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202301-1572", }, ], trust: 0.6, }, }
var-202205-0051
Vulnerability from variot
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0051", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64264", }, { db: "NVD", id: "CVE-2022-28584", }, ], }, cve: "CVE-2022-28584", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2022-28584", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2022-64264", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-28584", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-28584", trust: 1, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-64264", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202205-2508", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-28584", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64264", }, { db: "VULMON", id: "CVE-2022-28584", }, { db: "CNNVD", id: "CNNVD-202205-2508", }, { db: "NVD", id: "CVE-2022-28584", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company", sources: [ { db: "NVD", id: "CVE-2022-28584", }, { db: "CNVD", id: "CNVD-2022-64264", }, { db: "VULMON", id: "CVE-2022-28584", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28584", trust: 2.3, }, { db: "CNVD", id: "CNVD-2022-64264", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202205-2508", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28584", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64264", }, { db: "VULMON", id: "CVE-2022-28584", }, { db: "CNNVD", id: "CNNVD-202205-2508", }, { db: "NVD", id: "CVE-2022-28584", }, ], }, id: "VAR-202205-0051", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-64264", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64264", }, ], }, last_update_date: "2024-11-23T22:50:49.084000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192855", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202205-2508", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-28584", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/8", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28584", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28584/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64264", }, { db: "VULMON", id: "CVE-2022-28584", }, { db: "CNNVD", id: "CNNVD-202205-2508", }, { db: "NVD", id: "CVE-2022-28584", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-64264", }, { db: "VULMON", id: "CVE-2022-28584", }, { db: "CNNVD", id: "CNNVD-202205-2508", }, { db: "NVD", id: "CVE-2022-28584", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-22T00:00:00", db: "CNVD", id: "CNVD-2022-64264", }, { date: "2022-05-05T00:00:00", db: "VULMON", id: "CVE-2022-28584", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202205-2508", }, { date: "2022-05-05T18:15:09.983000", db: "NVD", id: "CVE-2022-28584", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-20T00:00:00", db: "CNVD", id: "CNVD-2022-64264", }, { date: "2022-05-13T00:00:00", db: "VULMON", id: "CVE-2022-28584", }, { date: "2022-05-16T00:00:00", db: "CNNVD", id: "CNNVD-202205-2508", }, { date: "2024-11-21T06:57:32.990000", db: "NVD", id: "CVE-2022-28584", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-2508", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command Injection Vulnerability (CNVD-2022-64264)", sources: [ { db: "CNVD", id: "CNVD-2022-64264", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202205-2508", }, ], trust: 0.6, }, }
var-202212-1425
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. TOTOLINK of A7100RU The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1425", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023926", }, { db: "NVD", id: "CVE-2022-46631", }, ], }, cve: "CVE-2022-46631", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-46631", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-46631", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-46631", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-46631", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202212-3327", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023926", }, { db: "CNNVD", id: "CNNVD-202212-3327", }, { db: "NVD", id: "CVE-2022-46631", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. TOTOLINK of A7100RU The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-46631", }, { db: "JVNDB", id: "JVNDB-2022-023926", }, { db: "VULMON", id: "CVE-2022-46631", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-46631", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-023926", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202212-3327", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-46631", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-46631", }, { db: "JVNDB", id: "JVNDB-2022-023926", }, { db: "CNNVD", id: "CNNVD-202212-3327", }, { db: "NVD", id: "CVE-2022-46631", }, ], }, id: "VAR-202212-1425", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:55:06.852000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-023926", }, { db: "NVD", id: "CVE-2022-46631", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/6", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-46631", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-46631/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-46631", }, { db: "JVNDB", id: "JVNDB-2022-023926", }, { db: "CNNVD", id: "CNNVD-202212-3327", }, { db: "NVD", id: "CVE-2022-46631", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-46631", }, { db: "JVNDB", id: "JVNDB-2022-023926", }, { db: "CNNVD", id: "CNNVD-202212-3327", }, { db: "NVD", id: "CVE-2022-46631", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-15T00:00:00", db: "VULMON", id: "CVE-2022-46631", }, { date: "2023-11-30T00:00:00", db: "JVNDB", id: "JVNDB-2022-023926", }, { date: "2022-12-15T00:00:00", db: "CNNVD", id: "CNNVD-202212-3327", }, { date: "2022-12-15T22:15:10.383000", db: "NVD", id: "CVE-2022-46631", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-12-16T00:00:00", db: "VULMON", id: "CVE-2022-46631", }, { date: "2023-11-30T04:34:00", db: "JVNDB", id: "JVNDB-2022-023926", }, { date: "2022-12-22T00:00:00", db: "CNNVD", id: "CNNVD-202212-3327", }, { date: "2023-08-08T14:21:49.707000", db: "NVD", id: "CVE-2022-46631", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202212-3327", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU in the firmware OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2022-023926", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202212-3327", }, ], trust: 0.6, }, }
var-202301-1689
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202301-1689", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005997", }, { db: "NVD", id: "CVE-2022-48124", }, ], }, cve: "CVE-2022-48124", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-48124", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-48124", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-48124", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-48124", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202301-1564", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005997", }, { db: "CNNVD", id: "CNNVD-202301-1564", }, { db: "NVD", id: "CVE-2022-48124", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-48124", }, { db: "JVNDB", id: "JVNDB-2022-005997", }, { db: "VULMON", id: "CVE-2022-48124", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-48124", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-005997", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202301-1564", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-48124", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-48124", }, { db: "JVNDB", id: "JVNDB-2022-005997", }, { db: "CNNVD", id: "CNNVD-202301-1564", }, { db: "NVD", id: "CVE-2022-48124", }, ], }, id: "VAR-202301-1689", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:30:46.766000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.totolink.net/", }, { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=222642", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005997", }, { db: "CNNVD", id: "CNNVD-202301-1564", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005997", }, { db: "NVD", id: "CVE-2022-48124", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/14", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-48124", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-48124/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-48124", }, { db: "JVNDB", id: "JVNDB-2022-005997", }, { db: "CNNVD", id: "CNNVD-202301-1564", }, { db: "NVD", id: "CVE-2022-48124", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-48124", }, { db: "JVNDB", id: "JVNDB-2022-005997", }, { db: "CNNVD", id: "CNNVD-202301-1564", }, { db: "NVD", id: "CVE-2022-48124", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48124", }, { date: "2023-06-23T00:00:00", db: "JVNDB", id: "JVNDB-2022-005997", }, { date: "2023-01-20T00:00:00", db: "CNNVD", id: "CNNVD-202301-1564", }, { date: "2023-01-20T15:15:15.277000", db: "NVD", id: "CVE-2022-48124", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48124", }, { date: "2023-06-23T06:47:00", db: "JVNDB", id: "JVNDB-2022-005997", }, { date: "2023-01-29T00:00:00", db: "CNNVD", id: "CNNVD-202301-1564", }, { date: "2023-08-08T14:21:49.707000", db: "NVD", id: "CVE-2022-48124", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202301-1564", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU Command injection vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2022-005997", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202301-1564", }, ], trust: 0.6, }, }
var-202302-1739
Vulnerability from variot
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1739", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004442", }, { db: "NVD", id: "CVE-2023-24184", }, ], }, cve: "CVE-2023-24184", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-24184", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-24184", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-24184", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-24184", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202302-1699", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004442", }, { db: "CNNVD", id: "CNNVD-202302-1699", }, { db: "NVD", id: "CVE-2023-24184", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-24184", }, { db: "JVNDB", id: "JVNDB-2023-004442", }, { db: "VULMON", id: "CVE-2023-24184", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-24184", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-004442", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202302-1699", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-24184", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-24184", }, { db: "JVNDB", id: "JVNDB-2023-004442", }, { db: "CNNVD", id: "CNNVD-202302-1699", }, { db: "NVD", id: "CVE-2023-24184", }, ], }, id: "VAR-202302-1739", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T13:21:05.533000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004442", }, { db: "NVD", id: "CVE-2023-24184", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/fuxianghah/iot/tree/main/motorala/mr2600/13", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-24184", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-24184/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-24184", }, { db: "JVNDB", id: "JVNDB-2023-004442", }, { db: "CNNVD", id: "CNNVD-202302-1699", }, { db: "NVD", id: "CVE-2023-24184", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-24184", }, { db: "JVNDB", id: "JVNDB-2023-004442", }, { db: "CNNVD", id: "CNNVD-202302-1699", }, { db: "NVD", id: "CVE-2023-24184", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-21T00:00:00", db: "VULMON", id: "CVE-2023-24184", }, { date: "2023-10-30T00:00:00", db: "JVNDB", id: "JVNDB-2023-004442", }, { date: "2023-02-21T00:00:00", db: "CNNVD", id: "CNNVD-202302-1699", }, { date: "2023-02-21T15:15:12.197000", db: "NVD", id: "CVE-2023-24184", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-21T00:00:00", db: "VULMON", id: "CVE-2023-24184", }, { date: "2023-10-30T06:17:00", db: "JVNDB", id: "JVNDB-2023-004442", }, { date: "2023-03-03T00:00:00", db: "CNNVD", id: "CNNVD-202302-1699", }, { date: "2023-03-02T16:23:19.737000", db: "NVD", id: "CVE-2023-24184", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202302-1699", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-004442", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202302-1699", }, ], trust: 0.6, }, }
var-202301-1657
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202301-1657", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005999", }, { db: "NVD", id: "CVE-2022-48122", }, ], }, cve: "CVE-2022-48122", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-48122", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-48122", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-48122", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-48122", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202301-1567", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005999", }, { db: "CNNVD", id: "CNNVD-202301-1567", }, { db: "NVD", id: "CVE-2022-48122", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-48122", }, { db: "JVNDB", id: "JVNDB-2022-005999", }, { db: "VULMON", id: "CVE-2022-48122", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-48122", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-005999", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202301-1567", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-48122", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-48122", }, { db: "JVNDB", id: "JVNDB-2022-005999", }, { db: "CNNVD", id: "CNNVD-202301-1567", }, { db: "NVD", id: "CVE-2022-48122", }, ], }, id: "VAR-202301-1657", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:10:21.102000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.totolink.net/", }, { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=222645", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005999", }, { db: "CNNVD", id: "CNNVD-202301-1567", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005999", }, { db: "NVD", id: "CVE-2022-48122", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/17", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-48122", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-48122/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-48122", }, { db: "JVNDB", id: "JVNDB-2022-005999", }, { db: "CNNVD", id: "CNNVD-202301-1567", }, { db: "NVD", id: "CVE-2022-48122", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-48122", }, { db: "JVNDB", id: "JVNDB-2022-005999", }, { db: "CNNVD", id: "CNNVD-202301-1567", }, { db: "NVD", id: "CVE-2022-48122", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48122", }, { date: "2023-06-23T00:00:00", db: "JVNDB", id: "JVNDB-2022-005999", }, { date: "2023-01-20T00:00:00", db: "CNNVD", id: "CNNVD-202301-1567", }, { date: "2023-01-20T15:15:14.553000", db: "NVD", id: "CVE-2022-48122", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48122", }, { date: "2023-06-23T06:59:00", db: "JVNDB", id: "JVNDB-2022-005999", }, { date: "2023-01-29T00:00:00", db: "CNNVD", id: "CNNVD-202301-1567", }, { date: "2023-08-08T14:21:49.707000", db: "NVD", id: "CVE-2022-48122", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202301-1567", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU Command injection vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2022-005999", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202301-1567", }, ], trust: 0.6, }, }
var-202211-1688
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1688", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, ], sources: [ { db: "NVD", id: "CVE-2022-44844", }, ], }, cve: "CVE-2022-44844", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-44844", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-44844", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202211-3510", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNNVD", id: "CNNVD-202211-3510", }, { db: "NVD", id: "CVE-2022-44844", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function", sources: [ { db: "NVD", id: "CVE-2022-44844", }, { db: "VULMON", id: "CVE-2022-44844", }, ], trust: 0.99, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-44844", trust: 1.7, }, { db: "CNNVD", id: "CNNVD-202211-3510", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-44844", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-44844", }, { db: "CNNVD", id: "CNNVD-202211-3510", }, { db: "NVD", id: "CVE-2022-44844", }, ], }, id: "VAR-202211-1688", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:43:38.347000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-44844", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/2", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-44844/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-44844", }, { db: "CNNVD", id: "CNNVD-202211-3510", }, { db: "NVD", id: "CVE-2022-44844", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-44844", }, { db: "CNNVD", id: "CNNVD-202211-3510", }, { db: "NVD", id: "CVE-2022-44844", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-11-25T00:00:00", db: "VULMON", id: "CVE-2022-44844", }, { date: "2022-11-25T00:00:00", db: "CNNVD", id: "CNNVD-202211-3510", }, { date: "2022-11-25T20:15:11.140000", db: "NVD", id: "CVE-2022-44844", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-11-26T00:00:00", db: "VULMON", id: "CVE-2022-44844", }, { date: "2022-12-02T00:00:00", db: "CNNVD", id: "CNNVD-202211-3510", }, { date: "2023-08-08T14:22:24.967000", db: "NVD", id: "CVE-2022-44844", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202211-3510", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command injection vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202211-3510", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202211-3510", }, ], trust: 0.6, }, }
var-202205-0304
Vulnerability from variot
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0304", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64267", }, { db: "NVD", id: "CVE-2022-28581", }, ], }, cve: "CVE-2022-28581", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2022-28581", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2022-64267", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-28581", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-28581", trust: 1, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-64267", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202205-2512", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-28581", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64267", }, { db: "VULMON", id: "CVE-2022-28581", }, { db: "CNNVD", id: "CNNVD-202205-2512", }, { db: "NVD", id: "CVE-2022-28581", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company", sources: [ { db: "NVD", id: "CVE-2022-28581", }, { db: "CNVD", id: "CNVD-2022-64267", }, { db: "VULMON", id: "CVE-2022-28581", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28581", trust: 2.3, }, { db: "CNVD", id: "CNVD-2022-64267", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202205-2512", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28581", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64267", }, { db: "VULMON", id: "CVE-2022-28581", }, { db: "CNNVD", id: "CNNVD-202205-2512", }, { db: "NVD", id: "CVE-2022-28581", }, ], }, id: "VAR-202205-0304", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-64267", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64267", }, ], }, last_update_date: "2024-11-23T22:15:47.992000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192859", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202205-2512", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-28581", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/9", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28581", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28581/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64267", }, { db: "VULMON", id: "CVE-2022-28581", }, { db: "CNNVD", id: "CNNVD-202205-2512", }, { db: "NVD", id: "CVE-2022-28581", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-64267", }, { db: "VULMON", id: "CVE-2022-28581", }, { db: "CNNVD", id: "CNNVD-202205-2512", }, { db: "NVD", id: "CVE-2022-28581", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-22T00:00:00", db: "CNVD", id: "CNVD-2022-64267", }, { date: "2022-05-05T00:00:00", db: "VULMON", id: "CVE-2022-28581", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202205-2512", }, { date: "2022-05-05T18:15:09.843000", db: "NVD", id: "CVE-2022-28581", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-20T00:00:00", db: "CNVD", id: "CNVD-2022-64267", }, { date: "2022-05-13T00:00:00", db: "VULMON", id: "CVE-2022-28581", }, { date: "2022-05-16T00:00:00", db: "CNNVD", id: "CNNVD-202205-2512", }, { date: "2024-11-21T06:57:32.580000", db: "NVD", id: "CVE-2022-28581", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-2512", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command Injection Vulnerability (CNVD-2022-64267)", sources: [ { db: "CNVD", id: "CNVD-2022-64267", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202205-2512", }, ], trust: 0.6, }, }
var-202205-0050
Vulnerability from variot
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0050", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64266", }, { db: "NVD", id: "CVE-2022-28582", }, ], }, cve: "CVE-2022-28582", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2022-28582", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2022-64266", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-28582", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-28582", trust: 1, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-64266", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202205-2509", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-28582", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64266", }, { db: "VULMON", id: "CVE-2022-28582", }, { db: "CNNVD", id: "CNNVD-202205-2509", }, { db: "NVD", id: "CVE-2022-28582", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company", sources: [ { db: "NVD", id: "CVE-2022-28582", }, { db: "CNVD", id: "CNVD-2022-64266", }, { db: "VULMON", id: "CVE-2022-28582", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28582", trust: 2.3, }, { db: "CNVD", id: "CNVD-2022-64266", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202205-2509", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28582", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64266", }, { db: "VULMON", id: "CVE-2022-28582", }, { db: "CNNVD", id: "CNNVD-202205-2509", }, { db: "NVD", id: "CVE-2022-28582", }, ], }, id: "VAR-202205-0050", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-64266", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64266", }, ], }, last_update_date: "2024-11-23T22:54:35.886000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192856", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202205-2509", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-28582", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/6", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28582", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28582/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64266", }, { db: "VULMON", id: "CVE-2022-28582", }, { db: "CNNVD", id: "CNNVD-202205-2509", }, { db: "NVD", id: "CVE-2022-28582", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-64266", }, { db: "VULMON", id: "CVE-2022-28582", }, { db: "CNNVD", id: "CNNVD-202205-2509", }, { db: "NVD", id: "CVE-2022-28582", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-22T00:00:00", db: "CNVD", id: "CNVD-2022-64266", }, { date: "2022-05-05T00:00:00", db: "VULMON", id: "CVE-2022-28582", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202205-2509", }, { date: "2022-05-05T18:15:09.887000", db: "NVD", id: "CVE-2022-28582", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-20T00:00:00", db: "CNVD", id: "CNVD-2022-64266", }, { date: "2022-05-13T00:00:00", db: "VULMON", id: "CVE-2022-28582", }, { date: "2022-05-31T00:00:00", db: "CNNVD", id: "CNNVD-202205-2509", }, { date: "2024-11-21T06:57:32.713000", db: "NVD", id: "CVE-2022-28582", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-2509", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command Injection Vulnerability (CNVD-2022-64266)", sources: [ { db: "CNVD", id: "CNVD-2022-64266", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202205-2509", }, ], trust: 0.6, }, }
var-202306-0797
Vulnerability from variot
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0797", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, ], sources: [ { db: "NVD", id: "CVE-2023-33556", }, ], }, cve: "CVE-2023-33556", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-33556", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-33556", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202306-575", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNNVD", id: "CNNVD-202306-575", }, { db: "NVD", id: "CVE-2023-33556", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg", sources: [ { db: "NVD", id: "CVE-2023-33556", }, { db: "VULMON", id: "CVE-2023-33556", }, ], trust: 0.99, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-33556", trust: 1.7, }, { db: "CNNVD", id: "CNNVD-202306-575", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-33556", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-33556", }, { db: "CNNVD", id: "CNNVD-202306-575", }, { db: "NVD", id: "CVE-2023-33556", }, ], }, id: "VAR-202306-0797", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T15:26:35.243000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=241798", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202306-575", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-33556", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/am1ngl/ttt/tree/main/37", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-33556/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-33556", }, { db: "CNNVD", id: "CNNVD-202306-575", }, { db: "NVD", id: "CVE-2023-33556", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-33556", }, { db: "CNNVD", id: "CNNVD-202306-575", }, { db: "NVD", id: "CVE-2023-33556", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-06-07T00:00:00", db: "VULMON", id: "CVE-2023-33556", }, { date: "2023-06-07T00:00:00", db: "CNNVD", id: "CNNVD-202306-575", }, { date: "2023-06-07T21:15:13.567000", db: "NVD", id: "CVE-2023-33556", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-06-07T00:00:00", db: "VULMON", id: "CVE-2023-33556", }, { date: "2023-06-15T00:00:00", db: "CNNVD", id: "CNNVD-202306-575", }, { date: "2023-06-14T02:12:06.793000", db: "NVD", id: "CVE-2023-33556", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202306-575", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command injection vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202306-575", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202306-575", }, ], trust: 0.6, }, }
var-202304-0488
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0488", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006845", }, { db: "NVD", id: "CVE-2023-26978", }, ], }, cve: "CVE-2023-26978", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-26978", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-26978", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-26978", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-26978", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202304-477", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006845", }, { db: "CNNVD", id: "CNNVD-202304-477", }, { db: "NVD", id: "CVE-2023-26978", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-26978", }, { db: "JVNDB", id: "JVNDB-2023-006845", }, { db: "VULMON", id: "CVE-2023-26978", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-26978", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-006845", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202304-477", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-26978", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-26978", }, { db: "JVNDB", id: "JVNDB-2023-006845", }, { db: "CNNVD", id: "CNNVD-202304-477", }, { db: "NVD", id: "CVE-2023-26978", }, ], }, id: "VAR-202304-0488", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:17:19.314000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006845", }, { db: "NVD", id: "CVE-2023-26978", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/28", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-26978", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-26978/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-26978", }, { db: "JVNDB", id: "JVNDB-2023-006845", }, { db: "CNNVD", id: "CNNVD-202304-477", }, { db: "NVD", id: "CVE-2023-26978", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-26978", }, { db: "JVNDB", id: "JVNDB-2023-006845", }, { db: "CNNVD", id: "CNNVD-202304-477", }, { db: "NVD", id: "CVE-2023-26978", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-04-07T00:00:00", db: "VULMON", id: "CVE-2023-26978", }, { date: "2023-11-16T00:00:00", db: "JVNDB", id: "JVNDB-2023-006845", }, { date: "2023-04-07T00:00:00", db: "CNNVD", id: "CNNVD-202304-477", }, { date: "2023-04-07T04:15:41.213000", db: "NVD", id: "CVE-2023-26978", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-04-07T00:00:00", db: "VULMON", id: "CVE-2023-26978", }, { date: "2023-11-16T06:56:00", db: "JVNDB", id: "JVNDB-2023-006845", }, { date: "2023-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202304-477", }, { date: "2023-04-13T18:04:16.177000", db: "NVD", id: "CVE-2023-26978", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202304-477", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-006845", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202304-477", }, ], trust: 0.6, }, }
var-202211-1815
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1815", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, ], sources: [ { db: "NVD", id: "CVE-2022-44843", }, ], }, cve: "CVE-2022-44843", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-44843", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-44843", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202211-3511", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNNVD", id: "CNNVD-202211-3511", }, { db: "NVD", id: "CVE-2022-44843", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function", sources: [ { db: "NVD", id: "CVE-2022-44843", }, { db: "VULMON", id: "CVE-2022-44843", }, ], trust: 0.99, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-44843", trust: 1.7, }, { db: "CNNVD", id: "CNNVD-202211-3511", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-44843", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-44843", }, { db: "CNNVD", id: "CNNVD-202211-3511", }, { db: "NVD", id: "CVE-2022-44843", }, ], }, id: "VAR-202211-1815", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T15:42:05.982000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-44843", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/1", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-44843/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-44843", }, { db: "CNNVD", id: "CNNVD-202211-3511", }, { db: "NVD", id: "CVE-2022-44843", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-44843", }, { db: "CNNVD", id: "CNNVD-202211-3511", }, { db: "NVD", id: "CVE-2022-44843", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-11-25T00:00:00", db: "VULMON", id: "CVE-2022-44843", }, { date: "2022-11-25T00:00:00", db: "CNNVD", id: "CNNVD-202211-3511", }, { date: "2022-11-25T20:15:11.090000", db: "NVD", id: "CVE-2022-44843", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-11-26T00:00:00", db: "VULMON", id: "CVE-2022-44843", }, { date: "2022-12-02T00:00:00", db: "CNNVD", id: "CNNVD-202211-3511", }, { date: "2023-08-08T14:22:24.967000", db: "NVD", id: "CVE-2022-44843", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202211-3511", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command injection vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202211-3511", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202211-3511", }, ], trust: 0.6, }, }
var-202205-0346
Vulnerability from variot
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0346", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64270", }, { db: "NVD", id: "CVE-2022-28578", }, ], }, cve: "CVE-2022-28578", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2022-28578", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2022-64270", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-28578", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-28578", trust: 1, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-64270", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202205-2514", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-28578", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64270", }, { db: "VULMON", id: "CVE-2022-28578", }, { db: "CNNVD", id: "CNNVD-202205-2514", }, { db: "NVD", id: "CVE-2022-28578", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company", sources: [ { db: "NVD", id: "CVE-2022-28578", }, { db: "CNVD", id: "CNVD-2022-64270", }, { db: "VULMON", id: "CVE-2022-28578", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28578", trust: 2.3, }, { db: "CNVD", id: "CNVD-2022-64270", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202205-2514", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28578", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64270", }, { db: "VULMON", id: "CVE-2022-28578", }, { db: "CNNVD", id: "CNNVD-202205-2514", }, { db: "NVD", id: "CVE-2022-28578", }, ], }, id: "VAR-202205-0346", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-64270", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64270", }, ], }, last_update_date: "2024-11-23T22:15:47.944000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192861", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202205-2514", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-28578", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/2", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28578", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28578/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64270", }, { db: "VULMON", id: "CVE-2022-28578", }, { db: "CNNVD", id: "CNNVD-202205-2514", }, { db: "NVD", id: "CVE-2022-28578", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-64270", }, { db: "VULMON", id: "CVE-2022-28578", }, { db: "CNNVD", id: "CNNVD-202205-2514", }, { db: "NVD", id: "CVE-2022-28578", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-22T00:00:00", db: "CNVD", id: "CNVD-2022-64270", }, { date: "2022-05-05T00:00:00", db: "VULMON", id: "CVE-2022-28578", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202205-2514", }, { date: "2022-05-05T18:15:09.707000", db: "NVD", id: "CVE-2022-28578", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-20T00:00:00", db: "CNVD", id: "CNVD-2022-64270", }, { date: "2022-05-13T00:00:00", db: "VULMON", id: "CVE-2022-28578", }, { date: "2022-05-16T00:00:00", db: "CNNVD", id: "CNNVD-202205-2514", }, { date: "2024-11-21T06:57:32.140000", db: "NVD", id: "CVE-2022-28578", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-2514", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command Injection Vulnerability (CNVD-2022-64270)", sources: [ { db: "CNVD", id: "CNVD-2022-64270", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202205-2514", }, ], trust: 0.6, }, }
var-202312-0729
Vulnerability from variot
A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. TOTOLINK of A7100RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router made by China Zeon Electronics (TOTOLINK) Company. The vulnerability is caused by the failure of the parameter flag in the file /cgi-bin/cstecgi.cgi?action=login to correctly verify the length of the input data. A remote attacker can exploit this vulnerability. The vulnerability could execute arbitrary code on the system or lead to a denial of service attack
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0729", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-101089", }, { db: "JVNDB", id: "JVNDB-2023-023725", }, { db: "NVD", id: "CVE-2023-7095", }, ], }, cve: "CVE-2023-7095", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "cna@vuldb.com", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2023-7095", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2023-101089", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "cna@vuldb.com", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-7095", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-7095", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "cna@vuldb.com", id: "CVE-2023-7095", trust: 1, value: "CRITICAL", }, { author: "nvd@nist.gov", id: "CVE-2023-7095", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-7095", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2023-101089", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-101089", }, { db: "JVNDB", id: "JVNDB-2023-023725", }, { db: "NVD", id: "CVE-2023-7095", }, { db: "NVD", id: "CVE-2023-7095", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. TOTOLINK of A7100RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router made by China Zeon Electronics (TOTOLINK) Company. The vulnerability is caused by the failure of the parameter flag in the file /cgi-bin/cstecgi.cgi?action=login to correctly verify the length of the input data. A remote attacker can exploit this vulnerability. The vulnerability could execute arbitrary code on the system or lead to a denial of service attack", sources: [ { db: "NVD", id: "CVE-2023-7095", }, { db: "JVNDB", id: "JVNDB-2023-023725", }, { db: "CNVD", id: "CNVD-2023-101089", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-7095", trust: 3.2, }, { db: "VULDB", id: "248942", trust: 1.8, }, { db: "JVNDB", id: "JVNDB-2023-023725", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-101089", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-101089", }, { db: "JVNDB", id: "JVNDB-2023-023725", }, { db: "NVD", id: "CVE-2023-7095", }, ], }, id: "VAR-202312-0729", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-101089", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-101089", }, ], }, last_update_date: "2024-08-14T14:01:30.058000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-023725", }, { db: "NVD", id: "CVE-2023-7095", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://github.com/unpwn4bl3/iot-security/blob/main/2.md", }, { trust: 1.8, url: "https://vuldb.com/?id.248942", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2023-7095", }, { trust: 1, url: "https://vuldb.com/?ctiid.248942", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-101089", }, { db: "JVNDB", id: "JVNDB-2023-023725", }, { db: "NVD", id: "CVE-2023-7095", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-101089", }, { db: "JVNDB", id: "JVNDB-2023-023725", }, { db: "NVD", id: "CVE-2023-7095", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-12-27T00:00:00", db: "CNVD", id: "CNVD-2023-101089", }, { date: "2024-01-29T00:00:00", db: "JVNDB", id: "JVNDB-2023-023725", }, { date: "2023-12-25T01:15:08.203000", db: "NVD", id: "CVE-2023-7095", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-12-28T00:00:00", db: "CNVD", id: "CNVD-2023-101089", }, { date: "2024-01-29T06:27:00", db: "JVNDB", id: "JVNDB-2023-023725", }, { date: "2024-05-17T02:34:09.120000", db: "NVD", id: "CVE-2023-7095", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Classic buffer overflow vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-023725", }, ], trust: 0.8, }, }
var-202302-1332
Vulnerability from variot
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1332", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004071", }, { db: "NVD", id: "CVE-2023-24236", }, ], }, cve: "CVE-2023-24236", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-24236", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-24236", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-24236", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-24236", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202302-1369", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004071", }, { db: "CNNVD", id: "CNNVD-202302-1369", }, { db: "NVD", id: "CVE-2023-24236", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-24236", }, { db: "JVNDB", id: "JVNDB-2023-004071", }, { db: "VULMON", id: "CVE-2023-24236", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-24236", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-004071", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202302-1369", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-24236", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-24236", }, { db: "JVNDB", id: "JVNDB-2023-004071", }, { db: "CNNVD", id: "CNNVD-202302-1369", }, { db: "NVD", id: "CVE-2023-24236", }, ], }, id: "VAR-202302-1332", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:30:44.548000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=226786", }, { title: "", trust: 0.1, url: "https://github.com/Live-Hack-CVE/CVE-2023-24236 ", }, ], sources: [ { db: "VULMON", id: "CVE-2023-24236", }, { db: "CNNVD", id: "CNNVD-202302-1369", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004071", }, { db: "NVD", id: "CVE-2023-24236", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/19", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-24236", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-24236/", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2023-24236", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-24236", }, { db: "JVNDB", id: "JVNDB-2023-004071", }, { db: "CNNVD", id: "CNNVD-202302-1369", }, { db: "NVD", id: "CVE-2023-24236", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-24236", }, { db: "JVNDB", id: "JVNDB-2023-004071", }, { db: "CNNVD", id: "CNNVD-202302-1369", }, { db: "NVD", id: "CVE-2023-24236", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-16T00:00:00", db: "VULMON", id: "CVE-2023-24236", }, { date: "2023-10-26T00:00:00", db: "JVNDB", id: "JVNDB-2023-004071", }, { date: "2023-02-16T00:00:00", db: "CNNVD", id: "CNNVD-202302-1369", }, { date: "2023-02-16T15:15:18.980000", db: "NVD", id: "CVE-2023-24236", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-16T00:00:00", db: "VULMON", id: "CVE-2023-24236", }, { date: "2023-10-26T01:44:00", db: "JVNDB", id: "JVNDB-2023-004071", }, { date: "2023-02-27T00:00:00", db: "CNNVD", id: "CNNVD-202302-1369", }, { date: "2023-02-24T19:53:34.753000", db: "NVD", id: "CVE-2023-24236", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202302-1369", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-004071", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202302-1369", }, ], trust: 0.6, }, }
var-202302-1331
Vulnerability from variot
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1331", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004070", }, { db: "NVD", id: "CVE-2023-24238", }, ], }, cve: "CVE-2023-24238", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-24238", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-24238", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-24238", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-24238", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202302-1370", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004070", }, { db: "CNNVD", id: "CNNVD-202302-1370", }, { db: "NVD", id: "CVE-2023-24238", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-24238", }, { db: "JVNDB", id: "JVNDB-2023-004070", }, { db: "VULMON", id: "CVE-2023-24238", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-24238", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-004070", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202302-1370", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-24238", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-24238", }, { db: "JVNDB", id: "JVNDB-2023-004070", }, { db: "CNNVD", id: "CNNVD-202302-1370", }, { db: "NVD", id: "CVE-2023-24238", }, ], }, id: "VAR-202302-1331", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:49:19.230000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=226787", }, { title: "", trust: 0.1, url: "https://github.com/Live-Hack-CVE/CVE-2023-24238 ", }, ], sources: [ { db: "VULMON", id: "CVE-2023-24238", }, { db: "CNNVD", id: "CNNVD-202302-1370", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004070", }, { db: "NVD", id: "CVE-2023-24238", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/20", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-24238", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-24238/", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2023-24238", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-24238", }, { db: "JVNDB", id: "JVNDB-2023-004070", }, { db: "CNNVD", id: "CNNVD-202302-1370", }, { db: "NVD", id: "CVE-2023-24238", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-24238", }, { db: "JVNDB", id: "JVNDB-2023-004070", }, { db: "CNNVD", id: "CNNVD-202302-1370", }, { db: "NVD", id: "CVE-2023-24238", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-16T00:00:00", db: "VULMON", id: "CVE-2023-24238", }, { date: "2023-10-26T00:00:00", db: "JVNDB", id: "JVNDB-2023-004070", }, { date: "2023-02-16T00:00:00", db: "CNNVD", id: "CNNVD-202302-1370", }, { date: "2023-02-16T15:15:19.193000", db: "NVD", id: "CVE-2023-24238", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-16T00:00:00", db: "VULMON", id: "CVE-2023-24238", }, { date: "2023-10-26T01:44:00", db: "JVNDB", id: "JVNDB-2023-004070", }, { date: "2023-02-27T00:00:00", db: "CNNVD", id: "CNNVD-202302-1370", }, { date: "2023-02-24T19:55:24.737000", db: "NVD", id: "CVE-2023-24238", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202302-1370", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-004070", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202302-1370", }, ], trust: 0.6, }, }
var-202205-0204
Vulnerability from variot
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0204", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64268", }, { db: "NVD", id: "CVE-2022-28580", }, ], }, cve: "CVE-2022-28580", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2022-28580", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2022-64268", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-28580", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-28580", trust: 1, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-64268", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202205-2511", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-28580", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64268", }, { db: "VULMON", id: "CVE-2022-28580", }, { db: "CNNVD", id: "CNNVD-202205-2511", }, { db: "NVD", id: "CVE-2022-28580", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company", sources: [ { db: "NVD", id: "CVE-2022-28580", }, { db: "CNVD", id: "CNVD-2022-64268", }, { db: "VULMON", id: "CVE-2022-28580", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28580", trust: 2.3, }, { db: "CNVD", id: "CNVD-2022-64268", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202205-2511", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28580", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64268", }, { db: "VULMON", id: "CVE-2022-28580", }, { db: "CNNVD", id: "CNNVD-202205-2511", }, { db: "NVD", id: "CVE-2022-28580", }, ], }, id: "VAR-202205-0204", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-64268", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64268", }, ], }, last_update_date: "2024-11-23T21:32:28.733000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192858", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202205-2511", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-28580", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/5", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28580", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28580/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64268", }, { db: "VULMON", id: "CVE-2022-28580", }, { db: "CNNVD", id: "CNNVD-202205-2511", }, { db: "NVD", id: "CVE-2022-28580", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-64268", }, { db: "VULMON", id: "CVE-2022-28580", }, { db: "CNNVD", id: "CNNVD-202205-2511", }, { db: "NVD", id: "CVE-2022-28580", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-22T00:00:00", db: "CNVD", id: "CNVD-2022-64268", }, { date: "2022-05-05T00:00:00", db: "VULMON", id: "CVE-2022-28580", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202205-2511", }, { date: "2022-05-05T18:15:09.797000", db: "NVD", id: "CVE-2022-28580", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-20T00:00:00", db: "CNVD", id: "CNVD-2022-64268", }, { date: "2022-05-13T00:00:00", db: "VULMON", id: "CVE-2022-28580", }, { date: "2022-05-31T00:00:00", db: "CNNVD", id: "CNNVD-202205-2511", }, { date: "2024-11-21T06:57:32.440000", db: "NVD", id: "CVE-2022-28580", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-2511", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command Injection Vulnerability (CNVD-2022-64268)", sources: [ { db: "CNVD", id: "CNVD-2022-64268", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202205-2511", }, ], trust: 0.6, }, }
var-202205-0121
Vulnerability from variot
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router from China TOTOLINK company
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0121", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64271", }, { db: "JVNDB", id: "JVNDB-2022-009043", }, { db: "NVD", id: "CVE-2022-28577", }, ], }, cve: "CVE-2022-28577", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2022-28577", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2022-64271", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-28577", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-28577", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-28577", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-28577", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2022-64271", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202205-2517", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-28577", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64271", }, { db: "VULMON", id: "CVE-2022-28577", }, { db: "JVNDB", id: "JVNDB-2022-009043", }, { db: "CNNVD", id: "CNNVD-202205-2517", }, { db: "NVD", id: "CVE-2022-28577", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router from China TOTOLINK company", sources: [ { db: "NVD", id: "CVE-2022-28577", }, { db: "JVNDB", id: "JVNDB-2022-009043", }, { db: "CNVD", id: "CNVD-2022-64271", }, { db: "VULMON", id: "CVE-2022-28577", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28577", trust: 3.9, }, { db: "JVNDB", id: "JVNDB-2022-009043", trust: 0.8, }, { db: "CNVD", id: "CNVD-2022-64271", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202205-2517", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28577", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64271", }, { db: "VULMON", id: "CVE-2022-28577", }, { db: "JVNDB", id: "JVNDB-2022-009043", }, { db: "CNNVD", id: "CNNVD-202205-2517", }, { db: "NVD", id: "CVE-2022-28577", }, ], }, id: "VAR-202205-0121", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-64271", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64271", }, ], }, last_update_date: "2024-11-23T22:43:57.136000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-009043", }, { db: "NVD", id: "CVE-2022-28577", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/3", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28577", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28577/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64271", }, { db: "VULMON", id: "CVE-2022-28577", }, { db: "JVNDB", id: "JVNDB-2022-009043", }, { db: "CNNVD", id: "CNNVD-202205-2517", }, { db: "NVD", id: "CVE-2022-28577", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-64271", }, { db: "VULMON", id: "CVE-2022-28577", }, { db: "JVNDB", id: "JVNDB-2022-009043", }, { db: "CNNVD", id: "CNNVD-202205-2517", }, { db: "NVD", id: "CVE-2022-28577", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-22T00:00:00", db: "CNVD", id: "CNVD-2022-64271", }, { date: "2022-05-05T00:00:00", db: "VULMON", id: "CVE-2022-28577", }, { date: "2023-08-02T00:00:00", db: "JVNDB", id: "JVNDB-2022-009043", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202205-2517", }, { date: "2022-05-05T18:15:09.657000", db: "NVD", id: "CVE-2022-28577", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-20T00:00:00", db: "CNVD", id: "CNVD-2022-64271", }, { date: "2022-05-13T00:00:00", db: "VULMON", id: "CVE-2022-28577", }, { date: "2023-08-02T08:20:00", db: "JVNDB", id: "JVNDB-2022-009043", }, { date: "2022-05-16T00:00:00", db: "CNNVD", id: "CNNVD-202205-2517", }, { date: "2024-11-21T06:57:31.973000", db: "NVD", id: "CVE-2022-28577", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-2517", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2022-009043", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202205-2517", }, ], trust: 0.6, }, }
var-202305-0367
Vulnerability from variot
TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0367", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, ], sources: [ { db: "NVD", id: "CVE-2023-30054", }, ], }, cve: "CVE-2023-30054", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-30054", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-30054", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202305-297", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNNVD", id: "CNNVD-202305-297", }, { db: "NVD", id: "CVE-2023-30054", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload", sources: [ { db: "NVD", id: "CVE-2023-30054", }, { db: "VULMON", id: "CVE-2023-30054", }, ], trust: 0.99, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-30054", trust: 1.7, }, { db: "CNNVD", id: "CNNVD-202305-297", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-30054", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-30054", }, { db: "CNNVD", id: "CNNVD-202305-297", }, { db: "NVD", id: "CVE-2023-30054", }, ], }, id: "VAR-202305-0367", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:30:30.671000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=237206", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202305-297", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-30054", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/am1ngl/ttt/tree/main/161", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-30054/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-30054", }, { db: "CNNVD", id: "CNNVD-202305-297", }, { db: "NVD", id: "CVE-2023-30054", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-30054", }, { db: "CNNVD", id: "CNNVD-202305-297", }, { db: "NVD", id: "CVE-2023-30054", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-05-05T00:00:00", db: "VULMON", id: "CVE-2023-30054", }, { date: "2023-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202305-297", }, { date: "2023-05-05T15:15:10.070000", db: "NVD", id: "CVE-2023-30054", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-05-05T00:00:00", db: "VULMON", id: "CVE-2023-30054", }, { date: "2023-05-12T00:00:00", db: "CNNVD", id: "CNNVD-202305-297", }, { date: "2023-05-11T18:38:32.380000", db: "NVD", id: "CVE-2023-30054", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202305-297", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Operating system command injection vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202305-297", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202305-297", }, ], trust: 0.6, }, }
var-202303-0603
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. TOTOLINK of A7100RU The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202303-0603", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-005054", }, { db: "NVD", id: "CVE-2023-25395", }, ], }, cve: "CVE-2023-25395", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-25395", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-25395", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-25395", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-25395", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202303-619", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-005054", }, { db: "CNNVD", id: "CNNVD-202303-619", }, { db: "NVD", id: "CVE-2023-25395", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. TOTOLINK of A7100RU The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-25395", }, { db: "JVNDB", id: "JVNDB-2023-005054", }, { db: "VULMON", id: "CVE-2023-25395", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-25395", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-005054", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202303-619", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-25395", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-25395", }, { db: "JVNDB", id: "JVNDB-2023-005054", }, { db: "CNNVD", id: "CNNVD-202303-619", }, { db: "NVD", id: "CVE-2023-25395", }, ], }, id: "VAR-202303-0603", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T15:11:00.250000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=229023", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202303-619", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-005054", }, { db: "NVD", id: "CVE-2023-25395", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/22", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-25395", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-25395/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-25395", }, { db: "JVNDB", id: "JVNDB-2023-005054", }, { db: "CNNVD", id: "CNNVD-202303-619", }, { db: "NVD", id: "CVE-2023-25395", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-25395", }, { db: "JVNDB", id: "JVNDB-2023-005054", }, { db: "CNNVD", id: "CNNVD-202303-619", }, { db: "NVD", id: "CVE-2023-25395", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-03-08T00:00:00", db: "VULMON", id: "CVE-2023-25395", }, { date: "2023-11-06T00:00:00", db: "JVNDB", id: "JVNDB-2023-005054", }, { date: "2023-03-08T00:00:00", db: "CNNVD", id: "CNNVD-202303-619", }, { date: "2023-03-08T14:15:09.760000", db: "NVD", id: "CVE-2023-25395", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-03-08T00:00:00", db: "VULMON", id: "CVE-2023-25395", }, { date: "2023-11-06T05:26:00", db: "JVNDB", id: "JVNDB-2023-005054", }, { date: "2023-03-15T00:00:00", db: "CNNVD", id: "CNNVD-202303-619", }, { date: "2024-03-08T14:15:52.223000", db: "NVD", id: "CVE-2023-25395", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202303-619", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU in the firmware OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2023-005054", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202303-619", }, ], trust: 0.6, }, }
var-202205-0203
Vulnerability from variot
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router from China TOTOLINK company
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0203", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64272", }, { db: "JVNDB", id: "JVNDB-2022-009044", }, { db: "NVD", id: "CVE-2022-28575", }, ], }, cve: "CVE-2022-28575", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2022-28575", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2022-64272", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-28575", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-28575", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-28575", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-28575", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2022-64272", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202205-2515", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-28575", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64272", }, { db: "VULMON", id: "CVE-2022-28575", }, { db: "JVNDB", id: "JVNDB-2022-009044", }, { db: "CNNVD", id: "CNNVD-202205-2515", }, { db: "NVD", id: "CVE-2022-28575", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router from China TOTOLINK company", sources: [ { db: "NVD", id: "CVE-2022-28575", }, { db: "JVNDB", id: "JVNDB-2022-009044", }, { db: "CNVD", id: "CNVD-2022-64272", }, { db: "VULMON", id: "CVE-2022-28575", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28575", trust: 3.9, }, { db: "JVNDB", id: "JVNDB-2022-009044", trust: 0.8, }, { db: "CNVD", id: "CNVD-2022-64272", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202205-2515", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28575", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64272", }, { db: "VULMON", id: "CVE-2022-28575", }, { db: "JVNDB", id: "JVNDB-2022-009044", }, { db: "CNNVD", id: "CNNVD-202205-2515", }, { db: "NVD", id: "CVE-2022-28575", }, ], }, id: "VAR-202205-0203", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-64272", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64272", }, ], }, last_update_date: "2024-11-23T22:57:44.531000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for TOTOLINK A7100RU Command Injection Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/351816", }, { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192862", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64272", }, { db: "CNNVD", id: "CNNVD-202205-2515", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-009044", }, { db: "NVD", id: "CVE-2022-28575", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/1", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28575", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28575/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64272", }, { db: "VULMON", id: "CVE-2022-28575", }, { db: "JVNDB", id: "JVNDB-2022-009044", }, { db: "CNNVD", id: "CNNVD-202205-2515", }, { db: "NVD", id: "CVE-2022-28575", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-64272", }, { db: "VULMON", id: "CVE-2022-28575", }, { db: "JVNDB", id: "JVNDB-2022-009044", }, { db: "CNNVD", id: "CNNVD-202205-2515", }, { db: "NVD", id: "CVE-2022-28575", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-22T00:00:00", db: "CNVD", id: "CNVD-2022-64272", }, { date: "2022-05-05T00:00:00", db: "VULMON", id: "CVE-2022-28575", }, { date: "2023-08-02T00:00:00", db: "JVNDB", id: "JVNDB-2022-009044", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202205-2515", }, { date: "2022-05-05T18:15:09.613000", db: "NVD", id: "CVE-2022-28575", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-20T00:00:00", db: "CNVD", id: "CNVD-2022-64272", }, { date: "2022-05-13T00:00:00", db: "VULMON", id: "CVE-2022-28575", }, { date: "2023-08-02T08:20:00", db: "JVNDB", id: "JVNDB-2022-009044", }, { date: "2022-05-16T00:00:00", db: "CNNVD", id: "CNNVD-202205-2515", }, { date: "2024-11-21T06:57:31.830000", db: "NVD", id: "CVE-2022-28575", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-2515", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command Injection Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2022-64272", }, { db: "CNNVD", id: "CNNVD-202205-2515", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202205-2515", }, ], trust: 0.6, }, }
var-202301-1817
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202301-1817", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-006000", }, { db: "NVD", id: "CVE-2022-48121", }, ], }, cve: "CVE-2022-48121", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-48121", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-48121", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-48121", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-48121", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202301-1566", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-006000", }, { db: "CNNVD", id: "CNNVD-202301-1566", }, { db: "NVD", id: "CVE-2022-48121", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-48121", }, { db: "JVNDB", id: "JVNDB-2022-006000", }, { db: "VULMON", id: "CVE-2022-48121", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-48121", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-006000", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202301-1566", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-48121", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-48121", }, { db: "JVNDB", id: "JVNDB-2022-006000", }, { db: "CNNVD", id: "CNNVD-202301-1566", }, { db: "NVD", id: "CVE-2022-48121", }, ], }, id: "VAR-202301-1817", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T13:42:07.136000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.totolink.net/", }, { title: "TOTOlink A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=222644", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-006000", }, { db: "CNNVD", id: "CNNVD-202301-1566", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-006000", }, { db: "NVD", id: "CVE-2022-48121", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/16", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-48121", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-48121/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-48121", }, { db: "JVNDB", id: "JVNDB-2022-006000", }, { db: "CNNVD", id: "CNNVD-202301-1566", }, { db: "NVD", id: "CVE-2022-48121", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-48121", }, { db: "JVNDB", id: "JVNDB-2022-006000", }, { db: "CNNVD", id: "CNNVD-202301-1566", }, { db: "NVD", id: "CVE-2022-48121", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48121", }, { date: "2023-06-23T00:00:00", db: "JVNDB", id: "JVNDB-2022-006000", }, { date: "2023-01-20T00:00:00", db: "CNNVD", id: "CNNVD-202301-1566", }, { date: "2023-01-20T15:15:14.267000", db: "NVD", id: "CVE-2022-48121", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48121", }, { date: "2023-06-23T07:20:00", db: "JVNDB", id: "JVNDB-2022-006000", }, { date: "2023-01-29T00:00:00", db: "CNNVD", id: "CNNVD-202301-1566", }, { date: "2023-08-08T14:21:49.707000", db: "NVD", id: "CVE-2022-48121", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202301-1566", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU Command injection vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2022-006000", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202301-1566", }, ], trust: 0.6, }, }
var-202301-1568
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202301-1568", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005998", }, { db: "NVD", id: "CVE-2022-48123", }, ], }, cve: "CVE-2022-48123", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-48123", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-48123", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-48123", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-48123", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202301-1565", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005998", }, { db: "CNNVD", id: "CNNVD-202301-1565", }, { db: "NVD", id: "CVE-2022-48123", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. TOTOlink A7100RU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-48123", }, { db: "JVNDB", id: "JVNDB-2022-005998", }, { db: "VULMON", id: "CVE-2022-48123", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-48123", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-005998", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202301-1565", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-48123", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-48123", }, { db: "JVNDB", id: "JVNDB-2022-005998", }, { db: "CNNVD", id: "CNNVD-202301-1565", }, { db: "NVD", id: "CVE-2022-48123", }, ], }, id: "VAR-202301-1568", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T15:16:16.932000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.totolink.net/", }, { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=222643", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005998", }, { db: "CNNVD", id: "CNNVD-202301-1565", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-005998", }, { db: "NVD", id: "CVE-2022-48123", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/15", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-48123", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-48123/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-48123", }, { db: "JVNDB", id: "JVNDB-2022-005998", }, { db: "CNNVD", id: "CNNVD-202301-1565", }, { db: "NVD", id: "CVE-2022-48123", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-48123", }, { db: "JVNDB", id: "JVNDB-2022-005998", }, { db: "CNNVD", id: "CNNVD-202301-1565", }, { db: "NVD", id: "CVE-2022-48123", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48123", }, { date: "2023-06-23T00:00:00", db: "JVNDB", id: "JVNDB-2022-005998", }, { date: "2023-01-20T00:00:00", db: "CNNVD", id: "CNNVD-202301-1565", }, { date: "2023-01-20T15:15:14.827000", db: "NVD", id: "CVE-2022-48123", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-20T00:00:00", db: "VULMON", id: "CVE-2022-48123", }, { date: "2023-06-23T06:51:00", db: "JVNDB", id: "JVNDB-2022-005998", }, { date: "2023-01-29T00:00:00", db: "CNNVD", id: "CNNVD-202301-1565", }, { date: "2023-08-08T14:21:49.707000", db: "NVD", id: "CVE-2022-48123", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202301-1565", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU Command injection vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2022-005998", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202301-1565", }, ], trust: 0.6, }, }
var-202205-0122
Vulnerability from variot
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0122", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64269", }, { db: "NVD", id: "CVE-2022-28579", }, ], }, cve: "CVE-2022-28579", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2022-28579", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2022-64269", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-28579", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-28579", trust: 1, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-64269", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202205-2513", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-28579", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64269", }, { db: "VULMON", id: "CVE-2022-28579", }, { db: "CNNVD", id: "CNNVD-202205-2513", }, { db: "NVD", id: "CVE-2022-28579", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company", sources: [ { db: "NVD", id: "CVE-2022-28579", }, { db: "CNVD", id: "CNVD-2022-64269", }, { db: "VULMON", id: "CVE-2022-28579", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28579", trust: 2.3, }, { db: "CNVD", id: "CNVD-2022-64269", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202205-2513", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28579", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64269", }, { db: "VULMON", id: "CVE-2022-28579", }, { db: "CNNVD", id: "CNNVD-202205-2513", }, { db: "NVD", id: "CVE-2022-28579", }, ], }, id: "VAR-202205-0122", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-64269", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64269", }, ], }, last_update_date: "2024-11-23T22:10:46.967000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192860", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202205-2513", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-28579", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/4", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28579", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28579/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64269", }, { db: "VULMON", id: "CVE-2022-28579", }, { db: "CNNVD", id: "CNNVD-202205-2513", }, { db: "NVD", id: "CVE-2022-28579", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-64269", }, { db: "VULMON", id: "CVE-2022-28579", }, { db: "CNNVD", id: "CNNVD-202205-2513", }, { db: "NVD", id: "CVE-2022-28579", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-22T00:00:00", db: "CNVD", id: "CNVD-2022-64269", }, { date: "2022-05-05T00:00:00", db: "VULMON", id: "CVE-2022-28579", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202205-2513", }, { date: "2022-05-05T18:15:09.750000", db: "NVD", id: "CVE-2022-28579", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-20T00:00:00", db: "CNVD", id: "CNVD-2022-64269", }, { date: "2022-05-13T00:00:00", db: "VULMON", id: "CVE-2022-28579", }, { date: "2022-05-16T00:00:00", db: "CNNVD", id: "CNNVD-202205-2513", }, { date: "2024-11-21T06:57:32.293000", db: "NVD", id: "CVE-2022-28579", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-2513", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command Injection Vulnerability (CNVD-2022-64269)", sources: [ { db: "CNVD", id: "CNVD-2022-64269", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202205-2513", }, ], trust: 0.6, }, }
var-202303-2403
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202303-2403", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006299", }, { db: "NVD", id: "CVE-2023-27231", }, ], }, cve: "CVE-2023-27231", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-27231", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-27231", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-27231", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-27231", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202303-2468", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006299", }, { db: "CNNVD", id: "CNNVD-202303-2468", }, { db: "NVD", id: "CVE-2023-27231", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-27231", }, { db: "JVNDB", id: "JVNDB-2023-006299", }, { db: "VULMON", id: "CVE-2023-27231", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-27231", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-006299", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202303-2468", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-27231", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-27231", }, { db: "JVNDB", id: "JVNDB-2023-006299", }, { db: "CNNVD", id: "CNNVD-202303-2468", }, { db: "NVD", id: "CVE-2023-27231", }, ], }, id: "VAR-202303-2403", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:17:20.442000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006299", }, { db: "NVD", id: "CVE-2023-27231", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/31", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2023-27231", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-27231/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-27231", }, { db: "JVNDB", id: "JVNDB-2023-006299", }, { db: "CNNVD", id: "CNNVD-202303-2468", }, { db: "NVD", id: "CVE-2023-27231", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-27231", }, { db: "JVNDB", id: "JVNDB-2023-006299", }, { db: "CNNVD", id: "CNNVD-202303-2468", }, { db: "NVD", id: "CVE-2023-27231", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-03-28T00:00:00", db: "VULMON", id: "CVE-2023-27231", }, { date: "2023-11-14T00:00:00", db: "JVNDB", id: "JVNDB-2023-006299", }, { date: "2023-03-28T00:00:00", db: "CNNVD", id: "CNNVD-202303-2468", }, { date: "2023-03-28T22:15:09.550000", db: "NVD", id: "CVE-2023-27231", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2023-27231", }, { date: "2023-11-14T04:02:00", db: "JVNDB", id: "JVNDB-2023-006299", }, { date: "2023-04-06T00:00:00", db: "CNNVD", id: "CNNVD-202303-2468", }, { date: "2023-04-04T19:41:41.647000", db: "NVD", id: "CVE-2023-27231", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202303-2468", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-006299", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202303-2468", }, ], trust: 0.6, }, }
var-202305-0316
Vulnerability from variot
TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0316", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, ], sources: [ { db: "NVD", id: "CVE-2023-30053", }, ], }, cve: "CVE-2023-30053", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-30053", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-30053", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202305-299", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNNVD", id: "CNNVD-202305-299", }, { db: "NVD", id: "CVE-2023-30053", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection", sources: [ { db: "NVD", id: "CVE-2023-30053", }, { db: "VULMON", id: "CVE-2023-30053", }, ], trust: 0.99, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-30053", trust: 1.7, }, { db: "CNNVD", id: "CNNVD-202305-299", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-30053", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-30053", }, { db: "CNNVD", id: "CNNVD-202305-299", }, { db: "NVD", id: "CVE-2023-30053", }, ], }, id: "VAR-202305-0316", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T13:20:46.288000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=237208", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202305-299", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-30053", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/am1ngl/ttt/tree/main/160", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-30053/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-30053", }, { db: "CNNVD", id: "CNNVD-202305-299", }, { db: "NVD", id: "CVE-2023-30053", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-30053", }, { db: "CNNVD", id: "CNNVD-202305-299", }, { db: "NVD", id: "CVE-2023-30053", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-05-05T00:00:00", db: "VULMON", id: "CVE-2023-30053", }, { date: "2023-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202305-299", }, { date: "2023-05-05T15:15:10.020000", db: "NVD", id: "CVE-2023-30053", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-05-05T00:00:00", db: "VULMON", id: "CVE-2023-30053", }, { date: "2023-05-12T00:00:00", db: "CNNVD", id: "CNNVD-202305-299", }, { date: "2023-05-11T18:31:11.017000", db: "NVD", id: "CVE-2023-30053", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202305-299", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Operating system command injection vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202305-299", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202305-299", }, ], trust: 0.6, }, }
var-202205-0049
Vulnerability from variot
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0049", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64265", }, { db: "NVD", id: "CVE-2022-28583", }, ], }, cve: "CVE-2022-28583", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2022-28583", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2022-64265", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-28583", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-28583", trust: 1, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-64265", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202205-2510", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2022-28583", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64265", }, { db: "VULMON", id: "CVE-2022-28583", }, { db: "CNNVD", id: "CNNVD-202205-2510", }, { db: "NVD", id: "CVE-2022-28583", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. TOTOLINK A7100RU is a wireless router from China TOTOLINK company", sources: [ { db: "NVD", id: "CVE-2022-28583", }, { db: "CNVD", id: "CNVD-2022-64265", }, { db: "VULMON", id: "CVE-2022-28583", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28583", trust: 2.3, }, { db: "CNVD", id: "CNVD-2022-64265", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202205-2510", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28583", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64265", }, { db: "VULMON", id: "CVE-2022-28583", }, { db: "CNNVD", id: "CNNVD-202205-2510", }, { db: "NVD", id: "CVE-2022-28583", }, ], }, id: "VAR-202205-0049", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-64265", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64265", }, ], }, last_update_date: "2024-11-23T22:50:49.107000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "TOTOLINK A7100RU Fixes for command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192857", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202205-2510", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-28583", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/ephaha/iot_vuln/tree/main/totolink/a7100ru/7", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28583", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28583/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-64265", }, { db: "VULMON", id: "CVE-2022-28583", }, { db: "CNNVD", id: "CNNVD-202205-2510", }, { db: "NVD", id: "CVE-2022-28583", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-64265", }, { db: "VULMON", id: "CVE-2022-28583", }, { db: "CNNVD", id: "CNNVD-202205-2510", }, { db: "NVD", id: "CVE-2022-28583", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-22T00:00:00", db: "CNVD", id: "CNVD-2022-64265", }, { date: "2022-05-05T00:00:00", db: "VULMON", id: "CVE-2022-28583", }, { date: "2022-05-05T00:00:00", db: "CNNVD", id: "CNNVD-202205-2510", }, { date: "2022-05-05T18:15:09.930000", db: "NVD", id: "CVE-2022-28583", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-20T00:00:00", db: "CNVD", id: "CNVD-2022-64265", }, { date: "2022-05-13T00:00:00", db: "VULMON", id: "CVE-2022-28583", }, { date: "2022-05-16T00:00:00", db: "CNNVD", id: "CNNVD-202205-2510", }, { date: "2024-11-21T06:57:32.853000", db: "NVD", id: "CVE-2022-28583", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-2510", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK A7100RU Command Injection Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2022-64265", }, { db: "CNNVD", id: "CNNVD-202205-2510", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202205-2510", }, ], trust: 0.6, }, }
var-202303-2404
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202303-2404", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006298", }, { db: "NVD", id: "CVE-2023-27229", }, ], }, cve: "CVE-2023-27229", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-27229", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-27229", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-27229", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-27229", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202303-2467", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006298", }, { db: "CNNVD", id: "CNNVD-202303-2467", }, { db: "NVD", id: "CVE-2023-27229", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-27229", }, { db: "JVNDB", id: "JVNDB-2023-006298", }, { db: "VULMON", id: "CVE-2023-27229", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-27229", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-006298", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202303-2467", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-27229", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-27229", }, { db: "JVNDB", id: "JVNDB-2023-006298", }, { db: "CNNVD", id: "CNNVD-202303-2467", }, { db: "NVD", id: "CVE-2023-27229", }, ], }, id: "VAR-202303-2404", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:01:58.876000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006298", }, { db: "NVD", id: "CVE-2023-27229", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/30", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-27229", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-27229/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-27229", }, { db: "JVNDB", id: "JVNDB-2023-006298", }, { db: "CNNVD", id: "CNNVD-202303-2467", }, { db: "NVD", id: "CVE-2023-27229", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-27229", }, { db: "JVNDB", id: "JVNDB-2023-006298", }, { db: "CNNVD", id: "CNNVD-202303-2467", }, { db: "NVD", id: "CVE-2023-27229", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-03-28T00:00:00", db: "VULMON", id: "CVE-2023-27229", }, { date: "2023-11-14T00:00:00", db: "JVNDB", id: "JVNDB-2023-006298", }, { date: "2023-03-28T00:00:00", db: "CNNVD", id: "CNNVD-202303-2467", }, { date: "2023-03-28T22:15:09.500000", db: "NVD", id: "CVE-2023-27229", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2023-27229", }, { date: "2023-11-14T04:02:00", db: "JVNDB", id: "JVNDB-2023-006298", }, { date: "2023-04-06T00:00:00", db: "CNNVD", id: "CNNVD-202303-2467", }, { date: "2023-04-04T19:42:03.803000", db: "NVD", id: "CVE-2023-27229", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202303-2467", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-006298", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202303-2467", }, ], trust: 0.6, }, }
var-202303-2393
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202303-2393", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006301", }, { db: "NVD", id: "CVE-2023-27232", }, ], }, cve: "CVE-2023-27232", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-27232", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-27232", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-27232", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-27232", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202303-2469", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006301", }, { db: "CNNVD", id: "CNNVD-202303-2469", }, { db: "NVD", id: "CVE-2023-27232", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-27232", }, { db: "JVNDB", id: "JVNDB-2023-006301", }, { db: "VULMON", id: "CVE-2023-27232", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-27232", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-006301", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202303-2469", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-27232", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-27232", }, { db: "JVNDB", id: "JVNDB-2023-006301", }, { db: "CNNVD", id: "CNNVD-202303-2469", }, { db: "NVD", id: "CVE-2023-27232", }, ], }, id: "VAR-202303-2393", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T14:30:37.395000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006301", }, { db: "NVD", id: "CVE-2023-27232", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/32", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2023-27232", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-27232/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-27232", }, { db: "JVNDB", id: "JVNDB-2023-006301", }, { db: "CNNVD", id: "CNNVD-202303-2469", }, { db: "NVD", id: "CVE-2023-27232", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-27232", }, { db: "JVNDB", id: "JVNDB-2023-006301", }, { db: "CNNVD", id: "CNNVD-202303-2469", }, { db: "NVD", id: "CVE-2023-27232", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-03-28T00:00:00", db: "VULMON", id: "CVE-2023-27232", }, { date: "2023-11-14T00:00:00", db: "JVNDB", id: "JVNDB-2023-006301", }, { date: "2023-03-28T00:00:00", db: "CNNVD", id: "CNNVD-202303-2469", }, { date: "2023-03-28T23:15:09.143000", db: "NVD", id: "CVE-2023-27232", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2023-27232", }, { date: "2023-11-14T04:02:00", db: "JVNDB", id: "JVNDB-2023-006301", }, { date: "2023-04-06T00:00:00", db: "CNNVD", id: "CNNVD-202303-2469", }, { date: "2023-04-04T19:40:43.323000", db: "NVD", id: "CVE-2023-27232", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202303-2469", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-006301", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202303-2469", }, ], trust: 0.6, }, }
var-202304-0563
Vulnerability from variot
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0563", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006846", }, { db: "NVD", id: "CVE-2023-26848", }, ], }, cve: "CVE-2023-26848", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-26848", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-26848", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-26848", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-26848", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202304-478", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006846", }, { db: "CNNVD", id: "CNNVD-202304-478", }, { db: "NVD", id: "CVE-2023-26848", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-26848", }, { db: "JVNDB", id: "JVNDB-2023-006846", }, { db: "VULMON", id: "CVE-2023-26848", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-26848", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-006846", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202304-478", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-26848", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-26848", }, { db: "JVNDB", id: "JVNDB-2023-006846", }, { db: "CNNVD", id: "CNNVD-202304-478", }, { db: "NVD", id: "CVE-2023-26848", }, ], }, id: "VAR-202304-0563", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.75, }, last_update_date: "2024-08-14T15:00:24.449000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-006846", }, { db: "NVD", id: "CVE-2023-26848", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/23", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-26848", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-26848/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-26848", }, { db: "JVNDB", id: "JVNDB-2023-006846", }, { db: "CNNVD", id: "CNNVD-202304-478", }, { db: "NVD", id: "CVE-2023-26848", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-26848", }, { db: "JVNDB", id: "JVNDB-2023-006846", }, { db: "CNNVD", id: "CNNVD-202304-478", }, { db: "NVD", id: "CVE-2023-26848", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-04-07T00:00:00", db: "VULMON", id: "CVE-2023-26848", }, { date: "2023-11-16T00:00:00", db: "JVNDB", id: "JVNDB-2023-006846", }, { date: "2023-04-07T00:00:00", db: "CNNVD", id: "CNNVD-202304-478", }, { date: "2023-04-07T03:15:07.030000", db: "NVD", id: "CVE-2023-26848", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-04-07T00:00:00", db: "VULMON", id: "CVE-2023-26848", }, { date: "2023-11-16T06:57:00", db: "JVNDB", id: "JVNDB-2023-006846", }, { date: "2023-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202304-478", }, { date: "2023-04-13T18:04:22.447000", db: "NVD", id: "CVE-2023-26848", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202304-478", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-006846", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202304-478", }, ], trust: 0.6, }, }
var-202303-2049
Vulnerability from variot
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router produced by TOTOLINK in China. in constructing commands. An attacker could exploit this vulnerability to execute arbitrary commands on the system
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202303-2049", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "a7100ru", scope: "eq", trust: 1, vendor: "totolink", version: "7.4cu.2313_b20191024", }, { model: "a7100ru", scope: null, trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: null, }, { model: "a7100ru", scope: "eq", trust: 0.8, vendor: "totolink", version: "a7100ru firmware 7.4cu.2313 b20191024", }, { model: "a7100ru v7.4cu.2313 b20191024", scope: null, trust: 0.6, vendor: "totolink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-51676", }, { db: "JVNDB", id: "JVNDB-2023-005895", }, { db: "NVD", id: "CVE-2023-27135", }, ], }, cve: "CVE-2023-27135", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2023-51676", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-27135", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-27135", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2023-27135", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2023-27135", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2023-51676", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202303-1863", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-51676", }, { db: "JVNDB", id: "JVNDB-2023-005895", }, { db: "CNNVD", id: "CNNVD-202303-1863", }, { db: "NVD", id: "CVE-2023-27135", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. TOTOLINK of A7100RU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A7100RU is a wireless router produced by TOTOLINK in China. in constructing commands. An attacker could exploit this vulnerability to execute arbitrary commands on the system", sources: [ { db: "NVD", id: "CVE-2023-27135", }, { db: "JVNDB", id: "JVNDB-2023-005895", }, { db: "CNVD", id: "CNVD-2023-51676", }, { db: "VULMON", id: "CVE-2023-27135", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-27135", trust: 3.9, }, { db: "JVNDB", id: "JVNDB-2023-005895", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-51676", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202303-1863", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-27135", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-51676", }, { db: "VULMON", id: "CVE-2023-27135", }, { db: "JVNDB", id: "JVNDB-2023-005895", }, { db: "CNNVD", id: "CNNVD-202303-1863", }, { db: "NVD", id: "CVE-2023-27135", }, ], }, id: "VAR-202303-2049", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-51676", }, ], trust: 1.35, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-51676", }, ], }, last_update_date: "2024-08-14T14:36:57.023000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-005895", }, { db: "NVD", id: "CVE-2023-27135", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/am1ngl/ttt/tree/main/29", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2023-27135", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-27135/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-51676", }, { db: "VULMON", id: "CVE-2023-27135", }, { db: "JVNDB", id: "JVNDB-2023-005895", }, { db: "CNNVD", id: "CNNVD-202303-1863", }, { db: "NVD", id: "CVE-2023-27135", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-51676", }, { db: "VULMON", id: "CVE-2023-27135", }, { db: "JVNDB", id: "JVNDB-2023-005895", }, { db: "CNNVD", id: "CNNVD-202303-1863", }, { db: "NVD", id: "CVE-2023-27135", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-06-29T00:00:00", db: "CNVD", id: "CNVD-2023-51676", }, { date: "2023-03-23T00:00:00", db: "VULMON", id: "CVE-2023-27135", }, { date: "2023-11-10T00:00:00", db: "JVNDB", id: "JVNDB-2023-005895", }, { date: "2023-03-23T00:00:00", db: "CNNVD", id: "CNNVD-202303-1863", }, { date: "2023-03-23T15:15:12.120000", db: "NVD", id: "CVE-2023-27135", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-06-27T00:00:00", db: "CNVD", id: "CNVD-2023-51676", }, { date: "2023-03-23T00:00:00", db: "VULMON", id: "CVE-2023-27135", }, { date: "2023-11-10T06:25:00", db: "JVNDB", id: "JVNDB-2023-005895", }, { date: "2023-03-28T00:00:00", db: "CNNVD", id: "CNNVD-202303-1863", }, { date: "2023-03-27T15:46:27.120000", db: "NVD", id: "CVE-2023-27135", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202303-1863", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TOTOLINK of A7100RU Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-005895", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202303-1863", }, ], trust: 0.6, }, }