Vulnerabilites related to totolink - a810r_firmware
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comando en la funci\u00f3n setLanguageCfg, por medio del par\u00e1metro langType. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26206",
"lastModified": "2024-11-21T06:53:35.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setDiagnosisCfg, por medio del par\u00e1metro ipDoamin. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26207",
"lastModified": "2024-11-21T06:53:35.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-06 13:15
Modified
2024-11-21 06:58
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F | Exploit, Third Party Advisory | |
| cve@mitre.org | https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability."
},
{
"lang": "es",
"value": "Totolink A830R versi\u00f3n V5.9c.4729_B20191112, Totolink A3100R versi\u00f3n V4.1.2cu.5050_B20200504, Totolink A950RG versi\u00f3n V4.1.2cu.5161_B20200903, Totolink A800R versi\u00f3n V4.1.2cu.5137 B20200730, Totolink A3000RU versi\u00f3n V5.9c.5185_B20201128, Totolink A810R versi\u00f3n V4.1.2cu.5182_B20201026, Ha sido detectado que conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos"
}
],
"id": "CVE-2022-28935",
"lastModified": "2024-11-21T06:58:12.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-06T13:15:09.400",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comando en la funci\u00f3n NTPSyncWithHost. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del par\u00e1metro host_time"
}
],
"id": "CVE-2022-26214",
"lastModified": "2024-11-21T06:53:36.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setWebWlanIdx, por medio del par\u00e1metro webWlanIdx. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26208",
"lastModified": "2024-11-21T06:53:35.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setUpgradeFW, por medio del par\u00e1metro FileName. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26210",
"lastModified": "2024-11-21T06:53:35.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comando en la funci\u00f3n setUploadSetting, por medio del par\u00e1metro FileName. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26209",
"lastModified": "2024-11-21T06:53:35.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 00:15
Modified
2024-11-21 07:16
Severity ?
Summary
TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/downloadFile.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/downloadFile.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a810r_firmware | 5.9c.4050_b20190424 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:5.9c.4050_b20190424:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8ED775-BC81-4F30-BD82-8541A950A239",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi."
},
{
"lang": "es",
"value": "Se ha detectado que TOTOLINK A810R versi\u00f3n V5.9c.4050_B20190424, contiene una vulnerabilidad de inyecci\u00f3n de comandos por medio del componente downloadFile.cgi"
}
],
"id": "CVE-2022-38511",
"lastModified": "2024-11-21T07:16:36.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T00:15:08.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/downloadFile.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/downloadFile.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, y A810R V4.1.2cu.5182 B20201026 contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudACMunualUpdate, por medio de los par\u00e1metros deviceMac y deviceName. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26211",
"lastModified": "2024-11-21T06:53:36.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 00:15
Modified
2024-11-21 07:13
Severity ?
Summary
TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/hard_code.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/hard_code.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample."
},
{
"lang": "es",
"value": "Se ha detectado que TOTOLINK A810R versiones V4.1.2cu.5182_B20201026 y V5.9c.4050_B20190424, contienen una contrase\u00f1a embebida para el usuario root en el archivo /etc/shadow.sample"
}
],
"id": "CVE-2022-36616",
"lastModified": "2024-11-21T07:13:24.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T00:15:08.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/hard_code.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/hard_code.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setDeviceName, por medio de los par\u00e1metros deviceMac y deviceName. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26212",
"lastModified": "2024-11-21T06:53:36.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.630",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-24 15:15
Modified
2024-11-21 06:51
Severity ?
Summary
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r_firmware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8708113C-F25A-4C17-B950-33E3D00C969A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the \"Main\" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter."
},
{
"lang": "es",
"value": "Se ha detectado que TOTOLink A810R versi\u00f3n V4.1.2cu.5182_B20201026, contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n \"Main\". Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del par\u00e1metro QUERY_STRING"
}
],
"id": "CVE-2022-25079",
"lastModified": "2024-11-21T06:51:37.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-24T15:15:30.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-26210
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26210",
"datePublished": "2022-03-15T21:56:16",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25079
Vulnerability from cvelistv5
Published
2022-02-22 22:44
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the \"Main\" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:44:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the \"Main\" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md",
"refsource": "MISC",
"url": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25079",
"datePublished": "2022-02-22T22:44:09",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26214
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26214",
"datePublished": "2022-03-15T21:56:18",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36616
Vulnerability from cvelistv5
Published
2022-08-28 23:58
Modified
2024-08-03 10:07
Severity ?
EPSS score ?
Summary
TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/hard_code.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/hard_code.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-28T23:58:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/hard_code.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/hard_code.md",
"refsource": "MISC",
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/hard_code.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36616",
"datePublished": "2022-08-28T23:58:57",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:34.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26207
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26207",
"datePublished": "2022-03-15T21:56:14",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26211
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26211",
"datePublished": "2022-03-15T21:56:17",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-38511
Vulnerability from cvelistv5
Published
2022-08-28 23:58
Modified
2024-08-03 10:54
Severity ?
EPSS score ?
Summary
TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/downloadFile.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:04.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/downloadFile.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-28T23:58:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/downloadFile.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/downloadFile.md",
"refsource": "MISC",
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A810R/downloadFile.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38511",
"datePublished": "2022-08-28T23:58:59",
"dateReserved": "2022-08-22T00:00:00",
"dateUpdated": "2024-08-03T10:54:04.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26209
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26209",
"datePublished": "2022-03-15T21:56:16",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28935
Vulnerability from cvelistv5
Published
2022-07-06 12:24
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing | x_refsource_MISC | |
| https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:57.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T12:24:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing",
"refsource": "MISC",
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing"
},
{
"name": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F",
"refsource": "MISC",
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28935",
"datePublished": "2022-07-06T12:24:38",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-08-03T06:10:57.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26208
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26208",
"datePublished": "2022-03-15T21:56:14",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26212
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26212",
"datePublished": "2022-03-15T21:56:17",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26206
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26206",
"datePublished": "2022-03-15T21:56:13",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}