Vulnerabilites related to totolink - a950rg
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comando en la funci\u00f3n setLanguageCfg, por medio del par\u00e1metro langType. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26206",
"lastModified": "2024-11-21T06:53:35.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-24 15:15
Modified
2024-11-21 06:51
Severity ?
Summary
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a950rg_firmware | 4.1.2cu.5204_b20210112 | |
| totolink | a950rg_firmware | 5.9c.4050_b20190424 | |
| totolink | a950rg | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5204_b20210112:*:*:*:*:*:*:*",
"matchCriteriaId": "730932A4-0583-43BA-995A-EFCE271B9BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:5.9c.4050_b20190424:*:*:*:*:*:*:*",
"matchCriteriaId": "BE384359-CEC5-49D4-97B8-95E7B5907B0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the \"Main\" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter."
},
{
"lang": "es",
"value": "Se ha detectado que TOTOLink A950RG versiones V5.9c.4050_B20190424 y V4.1.2cu.5204_B20210112, contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n \"Main\". Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del par\u00e1metro QUERY_STRING"
}
],
"id": "CVE-2022-25082",
"lastModified": "2024-11-21T06:51:37.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-24T15:15:30.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setDiagnosisCfg, por medio del par\u00e1metro ipDoamin. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26207",
"lastModified": "2024-11-21T06:53:35.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-06 13:15
Modified
2024-11-21 06:58
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F | Exploit, Third Party Advisory | |
| cve@mitre.org | https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability."
},
{
"lang": "es",
"value": "Totolink A830R versi\u00f3n V5.9c.4729_B20191112, Totolink A3100R versi\u00f3n V4.1.2cu.5050_B20200504, Totolink A950RG versi\u00f3n V4.1.2cu.5161_B20200903, Totolink A800R versi\u00f3n V4.1.2cu.5137 B20200730, Totolink A3000RU versi\u00f3n V5.9c.5185_B20201128, Totolink A810R versi\u00f3n V4.1.2cu.5182_B20201026, Ha sido detectado que conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos"
}
],
"id": "CVE-2022-28935",
"lastModified": "2024-11-21T06:58:12.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-06T13:15:09.400",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comando en la funci\u00f3n NTPSyncWithHost. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del par\u00e1metro host_time"
}
],
"id": "CVE-2022-26214",
"lastModified": "2024-11-21T06:53:36.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setWebWlanIdx, por medio del par\u00e1metro webWlanIdx. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26208",
"lastModified": "2024-11-21T06:53:35.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setUpgradeFW, por medio del par\u00e1metro FileName. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26210",
"lastModified": "2024-11-21T06:53:35.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comando en la funci\u00f3n setUploadSetting, por medio del par\u00e1metro FileName. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26209",
"lastModified": "2024-11-21T06:53:35.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, y A810R V4.1.2cu.5182 B20201026 contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudACMunualUpdate, por medio de los par\u00e1metros deviceMac y deviceName. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26211",
"lastModified": "2024-11-21T06:53:36.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 22:15
Modified
2024-11-21 06:53
Severity ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a830r_firmware | 5.9c.4729_b20191112 | |
| totolink | a830r | - | |
| totolink | a3100r_firmware | 4.1.2cu.5050_b20200504 | |
| totolink | a3100r | - | |
| totolink | a950rg_firmware | 4.1.2cu.5161_b20200903 | |
| totolink | a950rg | - | |
| totolink | a800r_firmware | 4.1.2cu.5137_b20200730 | |
| totolink | a800r | - | |
| totolink | a3000ru_firmware | 5.9c.5185_b20201128 | |
| totolink | a3000ru | - | |
| totolink | a810r_firmware | 4.1.2cu.5182_b20201026 | |
| totolink | a810r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*",
"matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*",
"matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
},
{
"lang": "es",
"value": "Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B20200903, A800R versiones V4.1.2cu.5137_B20200730, A3000RU versiones V5.9c.5185 B20201128, y A810R versiones V4.1.2cu.5182_B20201026, se ha detectado que contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setDeviceName, por medio de los par\u00e1metros deviceMac y deviceName. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de una petici\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2022-26212",
"lastModified": "2024-11-21T06:53:36.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T22:15:14.630",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 00:15
Modified
2024-11-21 07:13
Severity ?
Summary
TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A950RG/hard_code.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A950RG/hard_code.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | a950rg_firmware | 4.1.2cu.5204_b20210112 | |
| totolink | a950rg | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5204_b20210112:*:*:*:*:*:*:*",
"matchCriteriaId": "730932A4-0583-43BA-995A-EFCE271B9BA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample."
},
{
"lang": "es",
"value": "Se ha detectado que TOTOLINK A950RG versi\u00f3n V4.1.2cu.5204_B20210112, contiene una contrase\u00f1a embebida para root en el archivo /etc/shadow.sample"
}
],
"id": "CVE-2022-36612",
"lastModified": "2024-11-21T07:13:24.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T00:15:08.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A950RG/hard_code.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A950RG/hard_code.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-26210
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26210",
"datePublished": "2022-03-15T21:56:16",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36612
Vulnerability from cvelistv5
Published
2022-08-28 23:58
Modified
2024-08-03 10:07
Severity ?
EPSS score ?
Summary
TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A950RG/hard_code.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A950RG/hard_code.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-28T23:58:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A950RG/hard_code.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A950RG/hard_code.md",
"refsource": "MISC",
"url": "https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A950RG/hard_code.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36612",
"datePublished": "2022-08-28T23:58:55",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:34.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26214
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26214",
"datePublished": "2022-03-15T21:56:18",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26207
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26207",
"datePublished": "2022-03-15T21:56:14",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26211
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26211",
"datePublished": "2022-03-15T21:56:17",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25082
Vulnerability from cvelistv5
Published
2022-02-22 22:44
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the \"Main\" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:44:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the \"Main\" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md",
"refsource": "MISC",
"url": "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25082",
"datePublished": "2022-02-22T22:44:11",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26209
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26209",
"datePublished": "2022-03-15T21:56:16",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28935
Vulnerability from cvelistv5
Published
2022-07-06 12:24
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing | x_refsource_MISC | |
| https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:57.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T12:24:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing",
"refsource": "MISC",
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing"
},
{
"name": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F",
"refsource": "MISC",
"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28935",
"datePublished": "2022-07-06T12:24:38",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-08-03T06:10:57.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26208
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26208",
"datePublished": "2022-03-15T21:56:14",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26212
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26212",
"datePublished": "2022-03-15T21:56:17",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26206
Vulnerability from cvelistv5
Published
2022-03-15 21:56
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T21:56:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md",
"refsource": "MISC",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26206",
"datePublished": "2022-03-15T21:56:13",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202207-0325
Vulnerability from variot
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0325",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a3100r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5050_b20200504"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5161_b20200903"
},
{
"model": "a830r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.4729_b20191112"
},
{
"model": "a3000ru",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.5185_b20201128"
},
{
"model": "a810r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5182_b20201026"
},
{
"model": "a800r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5137_b20200730"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-28935"
}
]
},
"cve": "CVE-2022-28935",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2022-28935",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2022-28935",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-28935",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-431",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-28935",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-28935"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-431"
},
{
"db": "NVD",
"id": "CVE-2022-28935"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-28935"
},
{
"db": "VULMON",
"id": "CVE-2022-28935"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-28935",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202207-431",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-28935",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-28935"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-431"
},
{
"db": "NVD",
"id": "CVE-2022-28935"
}
]
},
"id": "VAR-202207-0325",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.61606935
},
"last_update_date": "2024-08-14T14:02:31.350000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-28935"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://drive.google.com/drive/folders/1jnx74lngc3u9pnrcnlgo0hsdgzzf6h7f?usp=sharing"
},
{
"trust": 1.1,
"url": "https://drive.google.com/drive/folders/1jnx74lngc3u9pnrcnlgo0hsdgzzf6h7f"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-28935/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-28935"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-431"
},
{
"db": "NVD",
"id": "CVE-2022-28935"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-28935"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-431"
},
{
"db": "NVD",
"id": "CVE-2022-28935"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-06T00:00:00",
"db": "VULMON",
"id": "CVE-2022-28935"
},
{
"date": "2022-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-431"
},
{
"date": "2022-07-06T13:15:09.400000",
"db": "NVD",
"id": "CVE-2022-28935"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2022-28935"
},
{
"date": "2022-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-431"
},
{
"date": "2022-07-14T01:36:50.137000",
"db": "NVD",
"id": "CVE-2022-28935"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-431"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple TOTOLINK Product Command Injection Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-431"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-431"
}
],
"trust": 0.6
}
}
var-202202-1572
Vulnerability from variot
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. TOTOLINK of a950rg Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLink A950RG is a wireless router from China TotoLink Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-1572",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.4050_b20190424"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5204_b20210112"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "a950rg firmware 4.1.2cu.5204 b20210112"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "a950rg firmware 5.9c.4050 b20190424"
},
{
"model": "a950rg v5.9c.4050 b20190424",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg v4.1.2cu.5204 b20210112",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-17106"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006251"
},
{
"db": "NVD",
"id": "CVE-2022-25082"
}
]
},
"cve": "CVE-2022-25082",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-25082",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-17106",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-25082",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-25082",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-25082",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-25082",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-17106",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1867",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-25082",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-17106"
},
{
"db": "VULMON",
"id": "CVE-2022-25082"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006251"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1867"
},
{
"db": "NVD",
"id": "CVE-2022-25082"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the \"Main\" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. TOTOLINK of a950rg Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLink A950RG is a wireless router from China TotoLink Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25082"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006251"
},
{
"db": "CNVD",
"id": "CNVD-2022-17106"
},
{
"db": "VULMON",
"id": "CVE-2022-25082"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-25082",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006251",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-17106",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1867",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-25082",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-17106"
},
{
"db": "VULMON",
"id": "CVE-2022-25082"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006251"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1867"
},
{
"db": "NVD",
"id": "CVE-2022-25082"
}
]
},
"id": "VAR-202202-1572",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-17106"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-17106"
}
]
},
"last_update_date": "2024-11-23T22:32:55.788000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Kenzer Templates [5170] [DEPRECATED]",
"trust": 0.1,
"url": "https://github.com/ARPSyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-25082"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006251"
},
{
"db": "NVD",
"id": "CVE-2022-25082"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/ephaha/iot_vuln/blob/main/totolink/a950rg/readme.md"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25082"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-25082/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-17106"
},
{
"db": "VULMON",
"id": "CVE-2022-25082"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006251"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1867"
},
{
"db": "NVD",
"id": "CVE-2022-25082"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-17106"
},
{
"db": "VULMON",
"id": "CVE-2022-25082"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006251"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1867"
},
{
"db": "NVD",
"id": "CVE-2022-25082"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-17106"
},
{
"date": "2022-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25082"
},
{
"date": "2023-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006251"
},
{
"date": "2022-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1867"
},
{
"date": "2022-02-24T15:15:30.493000",
"db": "NVD",
"id": "CVE-2022-25082"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-17106"
},
{
"date": "2023-08-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25082"
},
{
"date": "2023-07-03T08:59:00",
"db": "JVNDB",
"id": "JVNDB-2022-006251"
},
{
"date": "2022-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1867"
},
{
"date": "2024-11-21T06:51:37.747000",
"db": "NVD",
"id": "CVE-2022-25082"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1867"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLink A950RG Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-17106"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1867"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1867"
}
],
"trust": 0.6
}
}
var-202203-1307
Vulnerability from variot
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1307",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a800r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5137_b20200730"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5161_b20200903"
},
{
"model": "a3000ru",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.5185_b20201128"
},
{
"model": "a830r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.4729_b20191112"
},
{
"model": "a3100r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5050_b20200504"
},
{
"model": "a810r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5182_b20201026"
},
{
"model": "a3100r v4.1.2cu.5050 b20200504",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a800r v4.1.2cu.5137 b20200730",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a810r v4.1.2cu.5182 b20201026",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a830r v5.9c.4729 b20191112",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg v4.1.2cu.5161 b20200903",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a3000ru v5.9c.5185 b20201128",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47972"
},
{
"db": "NVD",
"id": "CVE-2022-26207"
}
]
},
"cve": "CVE-2022-26207",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-26207",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-47972",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-26207",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26207",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-47972",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1478",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47972"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1478"
},
{
"db": "NVD",
"id": "CVE-2022-26207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26207"
},
{
"db": "CNVD",
"id": "CNVD-2022-47972"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26207",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2022-47972",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1478",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47972"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1478"
},
{
"db": "NVD",
"id": "CVE-2022-26207"
}
]
},
"id": "VAR-202203-1307",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47972"
}
],
"trust": 1.3440462333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47972"
}
]
},
"last_update_date": "2024-11-23T23:10:56.001000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47972)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/337456"
},
{
"title": "Multiple TotoLink Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189395"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47972"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1478"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26207"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26207/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47972"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1478"
},
{
"db": "NVD",
"id": "CVE-2022-26207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-47972"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1478"
},
{
"db": "NVD",
"id": "CVE-2022-26207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47972"
},
{
"date": "2022-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1478"
},
{
"date": "2022-03-15T22:15:14.427000",
"db": "NVD",
"id": "CVE-2022-26207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47972"
},
{
"date": "2022-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1478"
},
{
"date": "2024-11-21T06:53:35.463000",
"db": "NVD",
"id": "CVE-2022-26207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1478"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47972)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47972"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1478"
}
],
"trust": 0.6
}
}
var-202203-1302
Vulnerability from variot
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company. The vulnerability stems from the fact that the host_time parameter in the NTPSyncWithHost function fails to properly filter the special elements that construct the command
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1302",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a800r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5137_b20200730"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5161_b20200903"
},
{
"model": "a3000ru",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.5185_b20201128"
},
{
"model": "a830r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.4729_b20191112"
},
{
"model": "a3100r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5050_b20200504"
},
{
"model": "a810r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5182_b20201026"
},
{
"model": "a3100r v4.1.2cu.5050 b20200504",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a800r v4.1.2cu.5137 b20200730",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a810r v4.1.2cu.5182 b20201026",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a830r v5.9c.4729 b20191112",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg v4.1.2cu.5161 b20200903",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a3000ru v5.9c.5185 b20201128",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47974"
},
{
"db": "NVD",
"id": "CVE-2022-26214"
}
]
},
"cve": "CVE-2022-26214",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-26214",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-47974",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-26214",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26214",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-47974",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1487",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47974"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1487"
},
{
"db": "NVD",
"id": "CVE-2022-26214"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company. The vulnerability stems from the fact that the host_time parameter in the NTPSyncWithHost function fails to properly filter the special elements that construct the command",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26214"
},
{
"db": "CNVD",
"id": "CNVD-2022-47974"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26214",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2022-47974",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1487",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47974"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1487"
},
{
"db": "NVD",
"id": "CVE-2022-26214"
}
]
},
"id": "VAR-202203-1302",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47974"
}
],
"trust": 1.3440462333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47974"
}
]
},
"last_update_date": "2024-11-23T22:24:57.235000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26214"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26214/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47974"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1487"
},
{
"db": "NVD",
"id": "CVE-2022-26214"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-47974"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1487"
},
{
"db": "NVD",
"id": "CVE-2022-26214"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47974"
},
{
"date": "2022-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1487"
},
{
"date": "2022-03-15T22:15:14.723000",
"db": "NVD",
"id": "CVE-2022-26214"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47974"
},
{
"date": "2022-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1487"
},
{
"date": "2024-11-21T06:53:36.540000",
"db": "NVD",
"id": "CVE-2022-26214"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1487"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47974)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47974"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1487"
}
],
"trust": 0.6
}
}
var-202203-0700
Vulnerability from variot
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0700",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a800r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5137_b20200730"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5161_b20200903"
},
{
"model": "a3000ru",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.5185_b20201128"
},
{
"model": "a830r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.4729_b20191112"
},
{
"model": "a3100r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5050_b20200504"
},
{
"model": "a810r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5182_b20201026"
},
{
"model": "a3100r v4.1.2cu.5050 b20200504",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a800r v4.1.2cu.5137 b20200730",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a810r v4.1.2cu.5182 b20201026",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a830r v5.9c.4729 b20191112",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg v4.1.2cu.5161 b20200903",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a3000ru v5.9c.5185 b20201128",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47970"
},
{
"db": "NVD",
"id": "CVE-2022-26210"
}
]
},
"cve": "CVE-2022-26210",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-26210",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-47970",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-26210",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26210",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-47970",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1482",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-26210",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47970"
},
{
"db": "VULMON",
"id": "CVE-2022-26210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1482"
},
{
"db": "NVD",
"id": "CVE-2022-26210"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26210"
},
{
"db": "CNVD",
"id": "CNVD-2022-47970"
},
{
"db": "VULMON",
"id": "CVE-2022-26210"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26210",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2022-47970",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1482",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-26210",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47970"
},
{
"db": "VULMON",
"id": "CVE-2022-26210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1482"
},
{
"db": "NVD",
"id": "CVE-2022-26210"
}
]
},
"id": "VAR-202203-0700",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47970"
}
],
"trust": 1.3440462333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47970"
}
]
},
"last_update_date": "2024-11-23T22:50:51.886000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47970)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/337466"
},
{
"title": "Multiple TotoLink Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187430"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExploitPwner/TOTOLINK-CVE-2022-26210-Scanner "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExploitPwner/Totolink-CVE-2022-Exploits "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/20142995/Goby "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Z0fhack/Goby_POC "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47970"
},
{
"db": "VULMON",
"id": "CVE-2022-26210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1482"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26210"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26210/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://github.com/exploitpwner/totolink-cve-2022-26210-scanner"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47970"
},
{
"db": "VULMON",
"id": "CVE-2022-26210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1482"
},
{
"db": "NVD",
"id": "CVE-2022-26210"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-47970"
},
{
"db": "VULMON",
"id": "CVE-2022-26210"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1482"
},
{
"db": "NVD",
"id": "CVE-2022-26210"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47970"
},
{
"date": "2022-03-15T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26210"
},
{
"date": "2022-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1482"
},
{
"date": "2022-03-15T22:15:14.547000",
"db": "NVD",
"id": "CVE-2022-26210"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47970"
},
{
"date": "2023-08-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26210"
},
{
"date": "2022-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1482"
},
{
"date": "2024-11-21T06:53:35.933000",
"db": "NVD",
"id": "CVE-2022-26210"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1482"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47970)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47970"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1482"
}
],
"trust": 0.6
}
}
var-202203-1308
Vulnerability from variot
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1308",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a800r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5137_b20200730"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5161_b20200903"
},
{
"model": "a3000ru",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.5185_b20201128"
},
{
"model": "a830r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.4729_b20191112"
},
{
"model": "a3100r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5050_b20200504"
},
{
"model": "a810r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5182_b20201026"
},
{
"model": "a3100r v4.1.2cu.5050 b20200504",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a800r v4.1.2cu.5137 b20200730",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a810r v4.1.2cu.5182 b20201026",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a830r v5.9c.4729 b20191112",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg v4.1.2cu.5161 b20200903",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a3000ru v5.9c.5185 b20201128",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47971"
},
{
"db": "NVD",
"id": "CVE-2022-26206"
}
]
},
"cve": "CVE-2022-26206",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-26206",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-47971",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-26206",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26206",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-47971",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1477",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47971"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1477"
},
{
"db": "NVD",
"id": "CVE-2022-26206"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26206"
},
{
"db": "CNVD",
"id": "CNVD-2022-47971"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26206",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2022-47971",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1477",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47971"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1477"
},
{
"db": "NVD",
"id": "CVE-2022-26206"
}
]
},
"id": "VAR-202203-1308",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47971"
}
],
"trust": 1.3440462333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47971"
}
]
},
"last_update_date": "2024-11-23T23:00:52.916000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47971)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/337461"
},
{
"title": "Multiple TotoLink Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189394"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47971"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1477"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26206"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26206/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47971"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1477"
},
{
"db": "NVD",
"id": "CVE-2022-26206"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-47971"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1477"
},
{
"db": "NVD",
"id": "CVE-2022-26206"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47971"
},
{
"date": "2022-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1477"
},
{
"date": "2022-03-15T22:15:14.357000",
"db": "NVD",
"id": "CVE-2022-26206"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47971"
},
{
"date": "2022-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1477"
},
{
"date": "2024-11-21T06:53:35.320000",
"db": "NVD",
"id": "CVE-2022-26206"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1477"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47971)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47971"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1477"
}
],
"trust": 0.6
}
}
var-202203-0699
Vulnerability from variot
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company. The vulnerability stems from the fact that the deviceName and deviceMac parameters in the CloudACMunualUpdate function fail to properly filter special elements that construct commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0699",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a800r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5137_b20200730"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5161_b20200903"
},
{
"model": "a3000ru",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.5185_b20201128"
},
{
"model": "a830r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.4729_b20191112"
},
{
"model": "a3100r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5050_b20200504"
},
{
"model": "a810r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5182_b20201026"
},
{
"model": "a3100r v4.1.2cu.5050 b20200504",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a800r v4.1.2cu.5137 b20200730",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a810r v4.1.2cu.5182 b20201026",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a830r v5.9c.4729 b20191112",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg v4.1.2cu.5161 b20200903",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a3000ru v5.9c.5185 b20201128",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47975"
},
{
"db": "NVD",
"id": "CVE-2022-26211"
}
]
},
"cve": "CVE-2022-26211",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-26211",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-47975",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-26211",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26211",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-47975",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1484",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47975"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1484"
},
{
"db": "NVD",
"id": "CVE-2022-26211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company. The vulnerability stems from the fact that the deviceName and deviceMac parameters in the CloudACMunualUpdate function fail to properly filter special elements that construct commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26211"
},
{
"db": "CNVD",
"id": "CNVD-2022-47975"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26211",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2022-47975",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1484",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47975"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1484"
},
{
"db": "NVD",
"id": "CVE-2022-26211"
}
]
},
"id": "VAR-202203-0699",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47975"
}
],
"trust": 1.3440462333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47975"
}
]
},
"last_update_date": "2024-11-23T22:44:03.290000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26211"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26211/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47975"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1484"
},
{
"db": "NVD",
"id": "CVE-2022-26211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-47975"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1484"
},
{
"db": "NVD",
"id": "CVE-2022-26211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47975"
},
{
"date": "2022-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1484"
},
{
"date": "2022-03-15T22:15:14.587000",
"db": "NVD",
"id": "CVE-2022-26211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47975"
},
{
"date": "2022-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1484"
},
{
"date": "2024-11-21T06:53:36.103000",
"db": "NVD",
"id": "CVE-2022-26211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1484"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47975)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47975"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1484"
}
],
"trust": 0.6
}
}
var-202203-1306
Vulnerability from variot
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a800r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5137_b20200730"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5161_b20200903"
},
{
"model": "a3000ru",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.5185_b20201128"
},
{
"model": "a830r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.4729_b20191112"
},
{
"model": "a3100r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5050_b20200504"
},
{
"model": "a810r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5182_b20201026"
},
{
"model": "a3100r v4.1.2cu.5050 b20200504",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a800r v4.1.2cu.5137 b20200730",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a810r v4.1.2cu.5182 b20201026",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a830r v5.9c.4729 b20191112",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg v4.1.2cu.5161 b20200903",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a3000ru v5.9c.5185 b20201128",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47968"
},
{
"db": "NVD",
"id": "CVE-2022-26208"
}
]
},
"cve": "CVE-2022-26208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-26208",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-47968",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-26208",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26208",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-47968",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1479",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47968"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1479"
},
{
"db": "NVD",
"id": "CVE-2022-26208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26208"
},
{
"db": "CNVD",
"id": "CNVD-2022-47968"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26208",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2022-47968",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1479",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47968"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1479"
},
{
"db": "NVD",
"id": "CVE-2022-26208"
}
]
},
"id": "VAR-202203-1306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47968"
}
],
"trust": 1.3440462333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47968"
}
]
},
"last_update_date": "2024-11-23T21:58:28.970000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47968)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/337476"
},
{
"title": "Multiple TotoLink Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189396"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47968"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1479"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26208/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47968"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1479"
},
{
"db": "NVD",
"id": "CVE-2022-26208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-47968"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1479"
},
{
"db": "NVD",
"id": "CVE-2022-26208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47968"
},
{
"date": "2022-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1479"
},
{
"date": "2022-03-15T22:15:14.467000",
"db": "NVD",
"id": "CVE-2022-26208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47968"
},
{
"date": "2022-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1479"
},
{
"date": "2024-11-21T06:53:35.600000",
"db": "NVD",
"id": "CVE-2022-26208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1479"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47968)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47968"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1479"
}
],
"trust": 0.6
}
}
var-202203-1303
Vulnerability from variot
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a800r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5137_b20200730"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5161_b20200903"
},
{
"model": "a3000ru",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.5185_b20201128"
},
{
"model": "a830r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.4729_b20191112"
},
{
"model": "a3100r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5050_b20200504"
},
{
"model": "a810r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5182_b20201026"
},
{
"model": "a3100r v4.1.2cu.5050 b20200504",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a800r v4.1.2cu.5137 b20200730",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a810r v4.1.2cu.5182 b20201026",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a830r v5.9c.4729 b20191112",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg v4.1.2cu.5161 b20200903",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a3000ru v5.9c.5185 b20201128",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47973"
},
{
"db": "NVD",
"id": "CVE-2022-26212"
}
]
},
"cve": "CVE-2022-26212",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-26212",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-47973",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-26212",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26212",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-47973",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1485",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47973"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1485"
},
{
"db": "NVD",
"id": "CVE-2022-26212"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26212"
},
{
"db": "CNVD",
"id": "CNVD-2022-47973"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26212",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2022-47973",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1485",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47973"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1485"
},
{
"db": "NVD",
"id": "CVE-2022-26212"
}
]
},
"id": "VAR-202203-1303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47973"
}
],
"trust": 1.3440462333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47973"
}
]
},
"last_update_date": "2024-11-23T22:20:33.493000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26212"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26212/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47973"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1485"
},
{
"db": "NVD",
"id": "CVE-2022-26212"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-47973"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1485"
},
{
"db": "NVD",
"id": "CVE-2022-26212"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47973"
},
{
"date": "2022-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1485"
},
{
"date": "2022-03-15T22:15:14.630000",
"db": "NVD",
"id": "CVE-2022-26212"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47973"
},
{
"date": "2022-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1485"
},
{
"date": "2024-11-21T06:53:36.253000",
"db": "NVD",
"id": "CVE-2022-26212"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1485"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47973)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47973"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1485"
}
],
"trust": 0.6
}
}
var-202203-0701
Vulnerability from variot
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0701",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a800r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5137_b20200730"
},
{
"model": "a950rg",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5161_b20200903"
},
{
"model": "a3000ru",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.5185_b20201128"
},
{
"model": "a830r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "5.9c.4729_b20191112"
},
{
"model": "a3100r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5050_b20200504"
},
{
"model": "a810r",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5182_b20201026"
},
{
"model": "a830r v5.9c.4729 b20191112",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a3100r v4.1.2cu.5050 b20200504",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a950rg v4.1.2cu.5161 b20200903",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a800r v4.1.2cu.5137 b20200730",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a3000ru v5.9c.5185 b20201128",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "a810r v4.1.2cu.5182 b20201026",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47969"
},
{
"db": "NVD",
"id": "CVE-2022-26209"
}
]
},
"cve": "CVE-2022-26209",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-26209",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-47969",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-26209",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26209",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-47969",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1480",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47969"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1480"
},
{
"db": "NVD",
"id": "CVE-2022-26209"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are all routers from China Totolink Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26209"
},
{
"db": "CNVD",
"id": "CNVD-2022-47969"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26209",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2022-47969",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1480",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47969"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1480"
},
{
"db": "NVD",
"id": "CVE-2022-26209"
}
]
},
"id": "VAR-202203-0701",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47969"
}
],
"trust": 1.3440462333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47969"
}
]
},
"last_update_date": "2024-11-23T22:44:03.269000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47969)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/337471"
},
{
"title": "Multiple TotoLink Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189397"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47969"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1480"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26209"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26209/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47969"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1480"
},
{
"db": "NVD",
"id": "CVE-2022-26209"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-47969"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1480"
},
{
"db": "NVD",
"id": "CVE-2022-26209"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47969"
},
{
"date": "2022-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1480"
},
{
"date": "2022-03-15T22:15:14.507000",
"db": "NVD",
"id": "CVE-2022-26209"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-47969"
},
{
"date": "2022-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1480"
},
{
"date": "2024-11-21T06:53:35.760000",
"db": "NVD",
"id": "CVE-2022-26209"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1480"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command Injection Vulnerability in Multiple TotoLink Products (CNVD-2022-47969)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-47969"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1480"
}
],
"trust": 0.6
}
}