Vulnerabilites related to totolink - ex1200t
cve-2021-42888
Vulnerability from cvelistv5
Published
2022-06-03 13:51
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:12.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T13:51:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42888",
"datePublished": "2022-06-03T13:51:17",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:12.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42893
Vulnerability from cvelistv5
Published
2022-06-03 17:12
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_sysstatus_leak.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:11.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_sysstatus_leak.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T17:12:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_sysstatus_leak.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_sysstatus_leak.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_sysstatus_leak.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42893",
"datePublished": "2022-06-03T17:12:36",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:11.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42891
Vulnerability from cvelistv5
Published
2022-06-03 15:17
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_easywizard_leak.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:12.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_easywizard_leak.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T15:17:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_easywizard_leak.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_easywizard_leak.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_easywizard_leak.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42891",
"datePublished": "2022-06-03T15:17:08",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:12.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42887
Vulnerability from cvelistv5
Published
2022-06-03 11:40
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:11.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T11:40:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42887",
"datePublished": "2022-06-03T11:40:42",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:11.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42884
Vulnerability from cvelistv5
Published
2022-06-03 10:35
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:11.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T10:35:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42884",
"datePublished": "2022-06-03T10:35:20",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:11.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42890
Vulnerability from cvelistv5
Published
2022-06-03 14:57
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:12.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T14:57:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42890",
"datePublished": "2022-06-03T14:57:19",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:12.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52032
Vulnerability from cvelistv5
Published
2024-01-11 00:00
Modified
2024-08-02 22:48
Severity ?
EPSS score ?
Summary
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://815yang.github.io/2023/12/24/cve6/EX1200T_V4.1.2cu.5232_B20210713_downloadFlile/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the \"main\" function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:56:05.000128",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://815yang.github.io/2023/12/24/cve6/EX1200T_V4.1.2cu.5232_B20210713_downloadFlile/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52032",
"datePublished": "2024-01-11T00:00:00",
"dateReserved": "2023-12-26T00:00:00",
"dateUpdated": "2024-08-02T22:48:12.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42885
Vulnerability from cvelistv5
Published
2022-06-03 10:50
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicemac_rce.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:11.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicemac_rce.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T10:50:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicemac_rce.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicemac_rce.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicemac_rce.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42885",
"datePublished": "2022-06-03T10:50:27",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:11.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42875
Vulnerability from cvelistv5
Published
2022-06-02 18:52
Modified
2024-08-04 03:38
Severity ?
EPSS score ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ex1200t.com | x_refsource_MISC | |
| http://totolink.net | x_refsource_MISC | |
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ex1200t.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://totolink.net"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T18:52:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ex1200t.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://totolink.net"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ex1200t.com",
"refsource": "MISC",
"url": "http://ex1200t.com"
},
{
"name": "http://totolink.net",
"refsource": "MISC",
"url": "http://totolink.net"
},
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42875",
"datePublished": "2022-06-02T18:52:02",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42877
Vulnerability from cvelistv5
Published
2022-06-02 19:18
Modified
2024-08-04 03:38
Severity ?
EPSS score ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://totolink.net/ | x_refsource_MISC | |
| http://ex1200t.com | x_refsource_MISC | |
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_reboot.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://totolink.net/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ex1200t.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_reboot.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T19:18:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://totolink.net/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ex1200t.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_reboot.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://totolink.net/",
"refsource": "MISC",
"url": "http://totolink.net/"
},
{
"name": "http://ex1200t.com",
"refsource": "MISC",
"url": "http://ex1200t.com"
},
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_reboot.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_reboot.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42877",
"datePublished": "2022-06-02T19:18:46",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42892
Vulnerability from cvelistv5
Published
2022-06-03 16:53
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_telnet_default.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:11.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_telnet_default.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T16:53:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_telnet_default.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_telnet_default.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_telnet_default.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42892",
"datePublished": "2022-06-03T16:53:53",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:11.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25008
Vulnerability from cvelistv5
Published
2022-03-30 22:27
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T22:27:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md",
"refsource": "MISC",
"url": "https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25008",
"datePublished": "2022-03-30T22:27:00",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-03T04:29:01.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42889
Vulnerability from cvelistv5
Published
2022-06-03 14:08
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_getWiFiApConfig_leak.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:11.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_getWiFiApConfig_leak.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T14:08:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_getWiFiApConfig_leak.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_getWiFiApConfig_leak.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_getWiFiApConfig_leak.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42889",
"datePublished": "2022-06-03T14:08:41",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:11.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42886
Vulnerability from cvelistv5
Published
2022-06-03 11:13
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:11.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T11:13:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42886",
"datePublished": "2022-06-03T11:13:38",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:11.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42872
Vulnerability from cvelistv5
Published
2022-05-31 23:15
Modified
2024-08-04 03:38
Severity ?
EPSS score ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://totolink.net/ | x_refsource_MISC | |
| http://ex1200t.com | x_refsource_MISC | |
| https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://totolink.net/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ex1200t.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T23:15:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://totolink.net/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ex1200t.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://totolink.net/",
"refsource": "MISC",
"url": "http://totolink.net/"
},
{
"name": "http://ex1200t.com",
"refsource": "MISC",
"url": "http://ex1200t.com"
},
{
"name": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md",
"refsource": "MISC",
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42872",
"datePublished": "2022-05-31T23:15:28",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-06-02 20:15
Modified
2024-11-21 06:28
Severity ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://ex1200t.com | Broken Link, URL Repurposed | |
| cve@mitre.org | http://totolink.net/ | Vendor Advisory | |
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_reboot.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ex1200t.com | Broken Link, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://totolink.net/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_reboot.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system."
},
{
"lang": "es",
"value": "TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, contiene una vulnerabilidad de denegaci\u00f3n de servicio en la funci\u00f3n RebootSystem del archivo lib/cste_modules/system que puede reiniciar el sistema"
}
],
"id": "CVE-2021-42877",
"lastModified": "2024-11-21T06:28:15.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T20:15:08.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "http://ex1200t.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://totolink.net/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_reboot.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "http://ex1200t.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://totolink.net/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_reboot.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-03 15:15
Modified
2024-11-21 06:28
Severity ?
Summary
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_getWiFiApConfig_leak.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_getWiFiApConfig_leak.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization."
},
{
"lang": "es",
"value": "En TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, un atacante puede obtener informaci\u00f3n confidencial (wifikey, wifiname, etc.) sin autorizaci\u00f3n"
}
],
"id": "CVE-2021-42889",
"lastModified": "2024-11-21T06:28:16.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-03T15:15:08.150",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_getWiFiApConfig_leak.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_getWiFiApConfig_leak.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-03 11:15
Modified
2024-11-21 06:28
Severity ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicemac_rce.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicemac_rce.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack."
},
{
"lang": "es",
"value": "TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, contiene una vulnerabilidad de inyecci\u00f3n de comando remoto en la funci\u00f3n setDeviceMac del archivo global.so que puede controlar deviceName para atacar"
}
],
"id": "CVE-2021-42885",
"lastModified": "2024-11-21T06:28:16.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-03T11:15:12.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicemac_rce.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicemac_rce.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-03 18:15
Modified
2024-11-21 06:28
Severity ?
Summary
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_sysstatus_leak.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_sysstatus_leak.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg."
},
{
"lang": "es",
"value": "En TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, un atacante puede obtener informaci\u00f3n confidencial (wifikey, etc.) sin autorizaci\u00f3n mediante getSysStatusCfg"
}
],
"id": "CVE-2021-42893",
"lastModified": "2024-11-21T06:28:17.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-03T18:15:08.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_sysstatus_leak.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_sysstatus_leak.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-03 17:15
Modified
2024-11-21 06:28
Severity ?
Summary
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_telnet_default.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_telnet_default.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware."
},
{
"lang": "es",
"value": "En TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, un atacante puede iniciar telnet sin autorizaci\u00f3n porque el nombre de usuario y la contrase\u00f1a por defecto se presentan en el firmware"
}
],
"id": "CVE-2021-42892",
"lastModified": "2024-11-21T06:28:17.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-03T17:15:07.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_telnet_default.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_telnet_default.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-03 12:15
Modified
2024-11-21 06:28
Severity ?
Summary
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm."
},
{
"lang": "es",
"value": "En TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, un atacante puede omitir el inicio de sesi\u00f3n enviando una petici\u00f3n espec\u00edfica mediante formLoginAuth.htm"
}
],
"id": "CVE-2021-42887",
"lastModified": "2024-11-21T06:28:16.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-03T12:15:07.933",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:28
Severity ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://ex1200t.com | Broken Link, URL Repurposed | |
| cve@mitre.org | http://totolink.net/ | Vendor Advisory | |
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ex1200t.com | Broken Link, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://totolink.net/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code."
},
{
"lang": "es",
"value": "TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, est\u00e1 afectado por una vulnerabilidad de inyecci\u00f3n de comandos que puede ejecutar remotamente c\u00f3digo arbitrario"
}
],
"id": "CVE-2021-42872",
"lastModified": "2024-11-21T06:28:15.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T14:15:30.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "http://ex1200t.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://totolink.net/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "http://ex1200t.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://totolink.net/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-03 16:15
Modified
2024-11-21 06:28
Severity ?
Summary
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_easywizard_leak.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_easywizard_leak.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization."
},
{
"lang": "es",
"value": "En TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, un atacante puede obtener informaci\u00f3n confidencial (wifikey, etc.) sin autorizaci\u00f3n"
}
],
"id": "CVE-2021-42891",
"lastModified": "2024-11-21T06:28:17.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-03T16:15:11.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_easywizard_leak.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_easywizard_leak.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-11 09:15
Modified
2024-11-21 08:39
Severity ?
Summary
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://815yang.github.io/2023/12/24/cve6/EX1200T_V4.1.2cu.5232_B20210713_downloadFlile/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://815yang.github.io/2023/12/24/cve6/EX1200T_V4.1.2cu.5232_B20210713_downloadFlile/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5232_b20210713 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD36F94-8646-4794-8878-6F4BF1BF1153",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the \"main\" function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que TOTOlink EX1200T V4.1.2cu.5232_B20210713 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n \"principal\"."
}
],
"id": "CVE-2023-52032",
"lastModified": "2024-11-21T08:39:03.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-11T09:15:47.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://815yang.github.io/2023/12/24/cve6/EX1200T_V4.1.2cu.5232_B20210713_downloadFlile/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://815yang.github.io/2023/12/24/cve6/EX1200T_V4.1.2cu.5232_B20210713_downloadFlile/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-02 19:15
Modified
2024-11-21 06:28
Severity ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://ex1200t.com | Broken Link, URL Repurposed | |
| cve@mitre.org | http://totolink.net | Vendor Advisory | |
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ex1200t.com | Broken Link, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://totolink.net | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin."
},
{
"lang": "es",
"value": "TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, contiene una vulnerabilidad de inyecci\u00f3n de comandos remota en la funci\u00f3n setDiagnosisCfg del archivo lib/cste_modules/system.so para controlar el ipDoamin"
}
],
"id": "CVE-2021-42875",
"lastModified": "2024-11-21T06:28:15.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T19:15:08.987",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "http://ex1200t.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://totolink.net"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"URL Repurposed"
],
"url": "http://ex1200t.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://totolink.net"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-03 14:15
Modified
2024-11-21 06:28
Severity ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack."
},
{
"lang": "es",
"value": "TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, contiene una vulnerabilidad de inyecci\u00f3n de comandos remotos en la funci\u00f3n setLanguageCfg del archivo global.so que puede controlar langType para atacar"
}
],
"id": "CVE-2021-42888",
"lastModified": "2024-11-21T06:28:16.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-03T14:15:08.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-30 23:15
Modified
2024-11-21 06:51
Severity ?
Summary
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex300_v2_firmware | 4.0.3c.140_b20210429 | |
| totolink | ex300_v2 | - | |
| totolink | ex1200t_firmware | 4.1.2cu.5230_b20210706 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex300_v2_firmware:4.0.3c.140_b20210429:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7185B4-C0DA-4EC1-B32E-6D4385A28BA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex300_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7D15BE-D0FA-48C4-9752-F11255ABA2BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5230_b20210706:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD1F54-D54F-4038-AA4E-09F203FA7396",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism."
},
{
"lang": "es",
"value": "Totolink EX300_v2 versi\u00f3n V4.0.3c.140_B20210429 y EX1200T versi\u00f3n V4.1.2cu.5230_B20210706, no contienen un mecanismo de autenticaci\u00f3n"
}
],
"id": "CVE-2022-25008",
"lastModified": "2024-11-21T06:51:32.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-30T23:15:08.093",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-03 11:15
Modified
2024-11-21 06:28
Severity ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack."
},
{
"lang": "es",
"value": "TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, contiene una vulnerabilidad de inyecci\u00f3n de comando remoto en la funci\u00f3n setDeviceName del archivo global.so que puede controlar eldeviceName para atacar"
}
],
"id": "CVE-2021-42884",
"lastModified": "2024-11-21T06:28:16.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-03T11:15:12.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-03 15:15
Modified
2024-11-21 06:28
Severity ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack."
},
{
"lang": "es",
"value": "En TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, contiene una vulnerabilidad de inyecci\u00f3n de comando remoto en la funci\u00f3n NTPSyncWithHost del sistema de archivos.so que puede controlar el hostTime para atacar"
}
],
"id": "CVE-2021-42890",
"lastModified": "2024-11-21T06:28:17.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-03T15:15:08.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-03 12:15
Modified
2024-11-21 06:28
Severity ?
Summary
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5215 | |
| totolink | ex1200t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5215:*:*:*:*:*:*:*",
"matchCriteriaId": "692DD9EF-B502-4EC1-932C-A540333A990B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F262644E-2558-423E-A19E-7C86A1756FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file."
},
{
"lang": "es",
"value": "TOTOLINK EX1200T versi\u00f3n V4.1.2cu.5215, contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la que un atacante puede conseguir el archivo de configuraci\u00f3n apmib sin autorizaci\u00f3n, y pueden encontrarse nombres de usuario y contrase\u00f1as en el archivo decodificado"
}
],
"id": "CVE-2021-42886",
"lastModified": "2024-11-21T06:28:16.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-03T12:15:07.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202206-0218
Vulnerability from variot
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53573"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019786"
},
{
"db": "NVD",
"id": "CVE-2021-42884"
}
]
},
"cve": "CVE-2021-42884",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42884",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-53573",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42884",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42884",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42884",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-42884",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-53573",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-453",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-42884",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53573"
},
{
"db": "VULMON",
"id": "CVE-2021-42884"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019786"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-453"
},
{
"db": "NVD",
"id": "CVE-2021-42884"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42884"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019786"
},
{
"db": "CNVD",
"id": "CNVD-2022-53573"
},
{
"db": "VULMON",
"id": "CVE-2021-42884"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42884",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019786",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-53573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-453",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42884",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53573"
},
{
"db": "VULMON",
"id": "CVE-2021-42884"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019786"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-453"
},
{
"db": "NVD",
"id": "CVE-2021-42884"
}
]
},
"id": "VAR-202206-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53573"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53573"
}
]
},
"last_update_date": "2024-11-23T22:54:34.053000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019786"
},
{
"db": "NVD",
"id": "CVE-2021-42884"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42884"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42884/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53573"
},
{
"db": "VULMON",
"id": "CVE-2021-42884"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019786"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-453"
},
{
"db": "NVD",
"id": "CVE-2021-42884"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-53573"
},
{
"db": "VULMON",
"id": "CVE-2021-42884"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019786"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-453"
},
{
"db": "NVD",
"id": "CVE-2021-42884"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53573"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42884"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019786"
},
{
"date": "2022-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-453"
},
{
"date": "2022-06-03T11:15:12.417000",
"db": "NVD",
"id": "CVE-2021-42884"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53573"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42884"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019786"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-453"
},
{
"date": "2024-11-21T06:28:16.100000",
"db": "NVD",
"id": "CVE-2021-42884"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-453"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53573"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-453"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-453"
}
],
"trust": 0.6
}
}
var-202206-0320
Vulnerability from variot
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. TOTOLINK of ex1200t Firmware has an information disclosure vulnerability.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0320",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53571"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019784"
},
{
"db": "NVD",
"id": "CVE-2021-42886"
}
]
},
"cve": "CVE-2021-42886",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42886",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-53571",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42886",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42886",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42886",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-42886",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-53571",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-455",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-42886",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53571"
},
{
"db": "VULMON",
"id": "CVE-2021-42886"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019784"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-455"
},
{
"db": "NVD",
"id": "CVE-2021-42886"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. TOTOLINK of ex1200t Firmware has an information disclosure vulnerability.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42886"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019784"
},
{
"db": "CNVD",
"id": "CNVD-2022-53571"
},
{
"db": "VULMON",
"id": "CVE-2021-42886"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42886",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019784",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-53571",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-455",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42886",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53571"
},
{
"db": "VULMON",
"id": "CVE-2021-42886"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019784"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-455"
},
{
"db": "NVD",
"id": "CVE-2021-42886"
}
]
},
"id": "VAR-202206-0320",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53571"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53571"
}
]
},
"last_update_date": "2024-11-23T22:15:45.964000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019784"
},
{
"db": "NVD",
"id": "CVE-2021-42886"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42886"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42886/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53571"
},
{
"db": "VULMON",
"id": "CVE-2021-42886"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019784"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-455"
},
{
"db": "NVD",
"id": "CVE-2021-42886"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-53571"
},
{
"db": "VULMON",
"id": "CVE-2021-42886"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019784"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-455"
},
{
"db": "NVD",
"id": "CVE-2021-42886"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53571"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42886"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019784"
},
{
"date": "2022-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-455"
},
{
"date": "2022-06-03T12:15:07.890000",
"db": "NVD",
"id": "CVE-2021-42886"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53571"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42886"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019784"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-455"
},
{
"date": "2024-11-21T06:28:16.390000",
"db": "NVD",
"id": "CVE-2021-42886"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-455"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53571"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-455"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-455"
}
],
"trust": 0.6
}
}
var-202206-0214
Vulnerability from variot
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. TOTOLINK of ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0214",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53567"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019777"
},
{
"db": "NVD",
"id": "CVE-2021-42893"
}
]
},
"cve": "CVE-2021-42893",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42893",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-53567",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42893",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42893",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42893",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-42893",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-53567",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-462",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-42893",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53567"
},
{
"db": "VULMON",
"id": "CVE-2021-42893"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019777"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-462"
},
{
"db": "NVD",
"id": "CVE-2021-42893"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. TOTOLINK of ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42893"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019777"
},
{
"db": "CNVD",
"id": "CNVD-2022-53567"
},
{
"db": "VULMON",
"id": "CVE-2021-42893"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42893",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019777",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-53567",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-462",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42893",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53567"
},
{
"db": "VULMON",
"id": "CVE-2021-42893"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019777"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-462"
},
{
"db": "NVD",
"id": "CVE-2021-42893"
}
]
},
"id": "VAR-202206-0214",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53567"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53567"
}
]
},
"last_update_date": "2024-11-23T22:04:48.718000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019777"
},
{
"db": "NVD",
"id": "CVE-2021-42893"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_sysstatus_leak.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42893"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42893/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53567"
},
{
"db": "VULMON",
"id": "CVE-2021-42893"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019777"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-462"
},
{
"db": "NVD",
"id": "CVE-2021-42893"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-53567"
},
{
"db": "VULMON",
"id": "CVE-2021-42893"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019777"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-462"
},
{
"db": "NVD",
"id": "CVE-2021-42893"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53567"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42893"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019777"
},
{
"date": "2022-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-462"
},
{
"date": "2022-06-03T18:15:08.573000",
"db": "NVD",
"id": "CVE-2021-42893"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53567"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42893"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019777"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-462"
},
{
"date": "2024-11-21T06:28:17.443000",
"db": "NVD",
"id": "CVE-2021-42893"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-462"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Vulnerability related to lack of authentication for critical functions in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019777"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-462"
}
],
"trust": 0.6
}
}
var-202206-0048
Vulnerability from variot
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46165"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019737"
},
{
"db": "NVD",
"id": "CVE-2021-42872"
}
]
},
"cve": "CVE-2021-42872",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42872",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-46165",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42872",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42872",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42872",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-42872",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-46165",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-319",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-42872",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46165"
},
{
"db": "VULMON",
"id": "CVE-2021-42872"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019737"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-319"
},
{
"db": "NVD",
"id": "CVE-2021-42872"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42872"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019737"
},
{
"db": "CNVD",
"id": "CNVD-2022-46165"
},
{
"db": "VULMON",
"id": "CVE-2021-42872"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42872",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019737",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-46165",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-319",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42872",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46165"
},
{
"db": "VULMON",
"id": "CVE-2021-42872"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019737"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-319"
},
{
"db": "NVD",
"id": "CVE-2021-42872"
}
]
},
"id": "VAR-202206-0048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46165"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46165"
}
]
},
"last_update_date": "2024-11-23T22:36:48.598000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 0.1,
"url": "https://github.com/p1Kk/vuln "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-42872"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019737"
},
{
"db": "NVD",
"id": "CVE-2021-42872"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://totolink.net/"
},
{
"trust": 2.5,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_noticeurl_rce4.md"
},
{
"trust": 1.7,
"url": "http://ex1200t.com"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42872"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42872/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/p1kk/vuln"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46165"
},
{
"db": "VULMON",
"id": "CVE-2021-42872"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019737"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-319"
},
{
"db": "NVD",
"id": "CVE-2021-42872"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-46165"
},
{
"db": "VULMON",
"id": "CVE-2021-42872"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019737"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-319"
},
{
"db": "NVD",
"id": "CVE-2021-42872"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-46165"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42872"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019737"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-319"
},
{
"date": "2022-06-02T14:15:30.877000",
"db": "NVD",
"id": "CVE-2021-42872"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-46165"
},
{
"date": "2022-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42872"
},
{
"date": "2023-08-15T08:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-019737"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-319"
},
{
"date": "2024-11-21T06:28:15.647000",
"db": "NVD",
"id": "CVE-2021-42872"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-319"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019737"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-319"
}
],
"trust": 0.6
}
}
var-202401-0875
Vulnerability from variot
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. TOTOLINK EX1200T is a Wi-Fi range extender from China's Zeon Electronics (TOTOLINK) company.
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 version has a command injection vulnerability. This vulnerability is caused by the failure of the main method to correctly filter special characters, commands, etc. in the constructed command
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202401-0875",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5232_b20210713"
},
{
"model": "ex1200t v4.1.2cu.5232 b20210713",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-04914"
},
{
"db": "NVD",
"id": "CVE-2023-52032"
}
]
},
"cve": "CVE-2023-52032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-04914",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-52032",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-52032",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2024-04914",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-04914"
},
{
"db": "NVD",
"id": "CVE-2023-52032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the \"main\" function. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s Zeon Electronics (TOTOLINK) company. \n\r\n\r\nTOTOLINK EX1200T V4.1.2cu.5232_B20210713 version has a command injection vulnerability. This vulnerability is caused by the failure of the main method to correctly filter special characters, commands, etc. in the constructed command",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-52032"
},
{
"db": "CNVD",
"id": "CNVD-2024-04914"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-52032",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2024-04914",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-04914"
},
{
"db": "NVD",
"id": "CVE-2023-52032"
}
]
},
"id": "VAR-202401-0875",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-04914"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-04914"
}
]
},
"last_update_date": "2024-08-14T15:15:35.845000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for TOTOLINK EX1200T command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/518081"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-04914"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-52032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://815yang.github.io/2023/12/24/cve6/ex1200t_v4.1.2cu.5232_b20210713_downloadflile/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-04914"
},
{
"db": "NVD",
"id": "CVE-2023-52032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-04914"
},
{
"db": "NVD",
"id": "CVE-2023-52032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-04914"
},
{
"date": "2024-01-11T09:15:47.483000",
"db": "NVD",
"id": "CVE-2023-52032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-04914"
},
{
"date": "2024-01-17T18:10:27.367000",
"db": "NVD",
"id": "CVE-2023-52032"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T command injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-04914"
}
],
"trust": 0.6
}
}
var-202206-0026
Vulnerability from variot
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0026",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53572"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019785"
},
{
"db": "NVD",
"id": "CVE-2021-42885"
}
]
},
"cve": "CVE-2021-42885",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42885",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-53572",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42885",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42885",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42885",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-42885",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-53572",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-452",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53572"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019785"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-452"
},
{
"db": "NVD",
"id": "CVE-2021-42885"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42885"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019785"
},
{
"db": "CNVD",
"id": "CNVD-2022-53572"
},
{
"db": "VULMON",
"id": "CVE-2021-42885"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42885",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019785",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-53572",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-452",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42885",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53572"
},
{
"db": "VULMON",
"id": "CVE-2021-42885"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019785"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-452"
},
{
"db": "NVD",
"id": "CVE-2021-42885"
}
]
},
"id": "VAR-202206-0026",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53572"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53572"
}
]
},
"last_update_date": "2024-11-23T22:15:46.253000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019785"
},
{
"db": "NVD",
"id": "CVE-2021-42885"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_devicemac_rce.md"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42885"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42885/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53572"
},
{
"db": "VULMON",
"id": "CVE-2021-42885"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019785"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-452"
},
{
"db": "NVD",
"id": "CVE-2021-42885"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-53572"
},
{
"db": "VULMON",
"id": "CVE-2021-42885"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019785"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-452"
},
{
"db": "NVD",
"id": "CVE-2021-42885"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53572"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42885"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019785"
},
{
"date": "2022-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-452"
},
{
"date": "2022-06-03T11:15:12.477000",
"db": "NVD",
"id": "CVE-2021-42885"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53572"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42885"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019785"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-452"
},
{
"date": "2024-11-21T06:28:16.243000",
"db": "NVD",
"id": "CVE-2021-42885"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-452"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019785"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-452"
}
],
"trust": 0.6
}
}
var-202203-1928
Vulnerability from variot
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. TOTOLINK of ex300 v2 firmware and ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX300 is a 300 Mbps wireless N range extender from China TotoLink company, TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK company.
An access control error vulnerability exists in TOTOLINK EX300_v2 and EX1200T. The vulnerability stems from the device web server not performing any authentication, allowing an attacker to access the web ui and perform any actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1928",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5230_b20210706"
},
{
"model": "ex300 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.0.3c.140_b20210429"
},
{
"model": "ex300 v2",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex300 v2 v4.0.3c.140 b20210429",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5230 b20210706",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-55141"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007450"
},
{
"db": "NVD",
"id": "CVE-2022-25008"
}
]
},
"cve": "CVE-2022-25008",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2022-25008",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2022-55141",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-25008",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-25008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-25008",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-25008",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-55141",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2635",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-55141"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007450"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2635"
},
{
"db": "NVD",
"id": "CVE-2022-25008"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. TOTOLINK of ex300 v2 firmware and ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX300 is a 300 Mbps wireless N range extender from China TotoLink company, TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK company. \n\r\n\r\nAn access control error vulnerability exists in TOTOLINK EX300_v2 and EX1200T. The vulnerability stems from the device web server not performing any authentication, allowing an attacker to access the web ui and perform any actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25008"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007450"
},
{
"db": "CNVD",
"id": "CNVD-2022-55141"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-25008",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007450",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-55141",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2635",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-55141"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007450"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2635"
},
{
"db": "NVD",
"id": "CVE-2022-25008"
}
]
},
"id": "VAR-202203-1928",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-55141"
}
],
"trust": 1.3291666666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-55141"
}
]
},
"last_update_date": "2024-11-23T22:40:30.872000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007450"
},
{
"db": "NVD",
"id": "CVE-2022-25008"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-25008/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25008"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-55141"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007450"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2635"
},
{
"db": "NVD",
"id": "CVE-2022-25008"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-55141"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007450"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2635"
},
{
"db": "NVD",
"id": "CVE-2022-25008"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-55141"
},
{
"date": "2023-07-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007450"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2635"
},
{
"date": "2022-03-30T23:15:08.093000",
"db": "NVD",
"id": "CVE-2022-25008"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-55141"
},
{
"date": "2023-07-14T08:38:00",
"db": "JVNDB",
"id": "JVNDB-2022-007450"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2635"
},
{
"date": "2024-11-21T06:51:32.073000",
"db": "NVD",
"id": "CVE-2022-25008"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2635"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex300\u00a0v2\u00a0 firmware and \u00a0ex1200t\u00a0 Vulnerability related to lack of authentication for critical functions in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007450"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2635"
}
],
"trust": 0.6
}
}
var-202206-0123
Vulnerability from variot
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53570"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019782"
},
{
"db": "NVD",
"id": "CVE-2021-42888"
}
]
},
"cve": "CVE-2021-42888",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42888",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-53570",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42888",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42888",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42888",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-42888",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-53570",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-457",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-42888",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53570"
},
{
"db": "VULMON",
"id": "CVE-2021-42888"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019782"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-457"
},
{
"db": "NVD",
"id": "CVE-2021-42888"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42888"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019782"
},
{
"db": "CNVD",
"id": "CNVD-2022-53570"
},
{
"db": "VULMON",
"id": "CVE-2021-42888"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42888",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019782",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-53570",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-457",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42888",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53570"
},
{
"db": "VULMON",
"id": "CVE-2021-42888"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019782"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-457"
},
{
"db": "NVD",
"id": "CVE-2021-42888"
}
]
},
"id": "VAR-202206-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53570"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53570"
}
]
},
"last_update_date": "2024-11-23T23:07:20.273000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019782"
},
{
"db": "NVD",
"id": "CVE-2021-42888"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42888"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42888/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53570"
},
{
"db": "VULMON",
"id": "CVE-2021-42888"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019782"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-457"
},
{
"db": "NVD",
"id": "CVE-2021-42888"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-53570"
},
{
"db": "VULMON",
"id": "CVE-2021-42888"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019782"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-457"
},
{
"db": "NVD",
"id": "CVE-2021-42888"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53570"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42888"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019782"
},
{
"date": "2022-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-457"
},
{
"date": "2022-06-03T14:15:08.110000",
"db": "NVD",
"id": "CVE-2021-42888"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53570"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42888"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019782"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-457"
},
{
"date": "2024-11-21T06:28:16.690000",
"db": "NVD",
"id": "CVE-2021-42888"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-457"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019782"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-457"
}
],
"trust": 0.6
}
}
var-202206-0354
Vulnerability from variot
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. TOTOLINK of ex1200t A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information may be tampered with. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0354",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53564"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019778"
},
{
"db": "NVD",
"id": "CVE-2021-42892"
}
]
},
"cve": "CVE-2021-42892",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42892",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-53564",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-42892",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-42892",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42892",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-42892",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2022-53564",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-458",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-42892",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53564"
},
{
"db": "VULMON",
"id": "CVE-2021-42892"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019778"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-458"
},
{
"db": "NVD",
"id": "CVE-2021-42892"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. TOTOLINK of ex1200t A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information may be tampered with. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42892"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019778"
},
{
"db": "CNVD",
"id": "CNVD-2022-53564"
},
{
"db": "VULMON",
"id": "CVE-2021-42892"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42892",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019778",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-53564",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-458",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42892",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53564"
},
{
"db": "VULMON",
"id": "CVE-2021-42892"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019778"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-458"
},
{
"db": "NVD",
"id": "CVE-2021-42892"
}
]
},
"id": "VAR-202206-0354",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53564"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53564"
}
]
},
"last_update_date": "2024-11-23T23:07:20.061000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019778"
},
{
"db": "NVD",
"id": "CVE-2021-42892"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_telnet_default.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42892"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42892/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53564"
},
{
"db": "VULMON",
"id": "CVE-2021-42892"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019778"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-458"
},
{
"db": "NVD",
"id": "CVE-2021-42892"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-53564"
},
{
"db": "VULMON",
"id": "CVE-2021-42892"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019778"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-458"
},
{
"db": "NVD",
"id": "CVE-2021-42892"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53564"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42892"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019778"
},
{
"date": "2022-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-458"
},
{
"date": "2022-06-03T17:15:07.607000",
"db": "NVD",
"id": "CVE-2021-42892"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53564"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42892"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019778"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-458"
},
{
"date": "2024-11-21T06:28:17.293000",
"db": "NVD",
"id": "CVE-2021-42892"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-458"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53564"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-458"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-458"
}
],
"trust": 0.6
}
}
var-202206-0054
Vulnerability from variot
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. TOTOLINK of ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0054",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53566"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019779"
},
{
"db": "NVD",
"id": "CVE-2021-42891"
}
]
},
"cve": "CVE-2021-42891",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42891",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-53566",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42891",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42891",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42891",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-42891",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-53566",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-460",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-42891",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53566"
},
{
"db": "VULMON",
"id": "CVE-2021-42891"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019779"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-460"
},
{
"db": "NVD",
"id": "CVE-2021-42891"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. TOTOLINK of ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42891"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019779"
},
{
"db": "CNVD",
"id": "CNVD-2022-53566"
},
{
"db": "VULMON",
"id": "CVE-2021-42891"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42891",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019779",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-53566",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-460",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42891",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53566"
},
{
"db": "VULMON",
"id": "CVE-2021-42891"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019779"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-460"
},
{
"db": "NVD",
"id": "CVE-2021-42891"
}
]
},
"id": "VAR-202206-0054",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53566"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53566"
}
]
},
"last_update_date": "2024-11-23T22:40:27.625000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019779"
},
{
"db": "NVD",
"id": "CVE-2021-42891"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_easywizard_leak.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42891"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42891/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53566"
},
{
"db": "VULMON",
"id": "CVE-2021-42891"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019779"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-460"
},
{
"db": "NVD",
"id": "CVE-2021-42891"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-53566"
},
{
"db": "VULMON",
"id": "CVE-2021-42891"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019779"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-460"
},
{
"db": "NVD",
"id": "CVE-2021-42891"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53566"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42891"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019779"
},
{
"date": "2022-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-460"
},
{
"date": "2022-06-03T16:15:11.170000",
"db": "NVD",
"id": "CVE-2021-42891"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53566"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42891"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019779"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-460"
},
{
"date": "2024-11-21T06:28:17.147000",
"db": "NVD",
"id": "CVE-2021-42891"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-460"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Vulnerability related to lack of authentication for critical functions in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019779"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-460"
}
],
"trust": 0.6
}
}
var-202206-0176
Vulnerability from variot
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0176",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53569"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019780"
},
{
"db": "NVD",
"id": "CVE-2021-42890"
}
]
},
"cve": "CVE-2021-42890",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42890",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-53569",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42890",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42890",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42890",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-42890",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-53569",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-456",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-42890",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53569"
},
{
"db": "VULMON",
"id": "CVE-2021-42890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019780"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-456"
},
{
"db": "NVD",
"id": "CVE-2021-42890"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019780"
},
{
"db": "CNVD",
"id": "CNVD-2022-53569"
},
{
"db": "VULMON",
"id": "CVE-2021-42890"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42890",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019780",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-53569",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-456",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42890",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53569"
},
{
"db": "VULMON",
"id": "CVE-2021-42890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019780"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-456"
},
{
"db": "NVD",
"id": "CVE-2021-42890"
}
]
},
"id": "VAR-202206-0176",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53569"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53569"
}
]
},
"last_update_date": "2024-11-23T22:54:34.103000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019780"
},
{
"db": "NVD",
"id": "CVE-2021-42890"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42890"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42890/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53569"
},
{
"db": "VULMON",
"id": "CVE-2021-42890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019780"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-456"
},
{
"db": "NVD",
"id": "CVE-2021-42890"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-53569"
},
{
"db": "VULMON",
"id": "CVE-2021-42890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019780"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-456"
},
{
"db": "NVD",
"id": "CVE-2021-42890"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53569"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42890"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019780"
},
{
"date": "2022-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-456"
},
{
"date": "2022-06-03T15:15:08.193000",
"db": "NVD",
"id": "CVE-2021-42890"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53569"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42890"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019780"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-456"
},
{
"date": "2024-11-21T06:28:17.003000",
"db": "NVD",
"id": "CVE-2021-42890"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-456"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019780"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-456"
}
],
"trust": 0.6
}
}
var-202206-0322
Vulnerability from variot
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. TOTOLINK of ex1200t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0322",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t 4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019783"
},
{
"db": "NVD",
"id": "CVE-2021-42887"
}
]
},
"cve": "CVE-2021-42887",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42887",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-46173",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42887",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42887",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42887",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-42887",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-46173",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-454",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-42887",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46173"
},
{
"db": "VULMON",
"id": "CVE-2021-42887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019783"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-454"
},
{
"db": "NVD",
"id": "CVE-2021-42887"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. TOTOLINK of ex1200t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019783"
},
{
"db": "CNVD",
"id": "CNVD-2022-46173"
},
{
"db": "VULMON",
"id": "CVE-2021-42887"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42887",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019783",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-46173",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-454",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42887",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46173"
},
{
"db": "VULMON",
"id": "CVE-2021-42887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019783"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-454"
},
{
"db": "NVD",
"id": "CVE-2021-42887"
}
]
},
"id": "VAR-202206-0322",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46173"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46173"
}
]
},
"last_update_date": "2024-11-23T23:00:49.161000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019783"
},
{
"db": "NVD",
"id": "CVE-2021-42887"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_login_bypass.md"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2021-42887/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42887"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46173"
},
{
"db": "VULMON",
"id": "CVE-2021-42887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019783"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-454"
},
{
"db": "NVD",
"id": "CVE-2021-42887"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-46173"
},
{
"db": "VULMON",
"id": "CVE-2021-42887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019783"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-454"
},
{
"db": "NVD",
"id": "CVE-2021-42887"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-46173"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42887"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019783"
},
{
"date": "2022-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-454"
},
{
"date": "2022-06-03T12:15:07.933000",
"db": "NVD",
"id": "CVE-2021-42887"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-46173"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42887"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019783"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-454"
},
{
"date": "2024-11-21T06:28:16.540000",
"db": "NVD",
"id": "CVE-2021-42887"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-454"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019783"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-454"
}
],
"trust": 0.6
}
}
var-202206-0381
Vulnerability from variot
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. TOTOLINK of ex1200t There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0381",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53568"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019772"
},
{
"db": "NVD",
"id": "CVE-2021-42877"
}
]
},
"cve": "CVE-2021-42877",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42877",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-53568",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42877",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-42877",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42877",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-42877",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-53568",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-418",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-42877",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53568"
},
{
"db": "VULMON",
"id": "CVE-2021-42877"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019772"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-418"
},
{
"db": "NVD",
"id": "CVE-2021-42877"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. TOTOLINK of ex1200t There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42877"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019772"
},
{
"db": "CNVD",
"id": "CNVD-2022-53568"
},
{
"db": "VULMON",
"id": "CVE-2021-42877"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42877",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019772",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-53568",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-418",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42877",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53568"
},
{
"db": "VULMON",
"id": "CVE-2021-42877"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019772"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-418"
},
{
"db": "NVD",
"id": "CVE-2021-42877"
}
]
},
"id": "VAR-202206-0381",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53568"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53568"
}
]
},
"last_update_date": "2024-11-23T22:24:49.174000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019772"
},
{
"db": "NVD",
"id": "CVE-2021-42877"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_reboot.md"
},
{
"trust": 2.5,
"url": "http://totolink.net/"
},
{
"trust": 1.7,
"url": "http://ex1200t.com"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42877"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42877/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53568"
},
{
"db": "VULMON",
"id": "CVE-2021-42877"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019772"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-418"
},
{
"db": "NVD",
"id": "CVE-2021-42877"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-53568"
},
{
"db": "VULMON",
"id": "CVE-2021-42877"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019772"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-418"
},
{
"db": "NVD",
"id": "CVE-2021-42877"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53568"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42877"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019772"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-418"
},
{
"date": "2022-06-02T20:15:08.333000",
"db": "NVD",
"id": "CVE-2021-42877"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53568"
},
{
"date": "2022-06-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42877"
},
{
"date": "2023-08-16T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-019772"
},
{
"date": "2022-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-418"
},
{
"date": "2024-11-21T06:28:15.957000",
"db": "NVD",
"id": "CVE-2021-42877"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-418"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019772"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-418"
}
],
"trust": 0.6
}
}
var-202206-0003
Vulnerability from variot
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. TOTOLINK of ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t v4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53565"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019781"
},
{
"db": "NVD",
"id": "CVE-2021-42889"
}
]
},
"cve": "CVE-2021-42889",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42889",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-53565",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42889",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42889",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42889",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-42889",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-53565",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-459",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-42889",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53565"
},
{
"db": "VULMON",
"id": "CVE-2021-42889"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019781"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-459"
},
{
"db": "NVD",
"id": "CVE-2021-42889"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. TOTOLINK of ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42889"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019781"
},
{
"db": "CNVD",
"id": "CNVD-2022-53565"
},
{
"db": "VULMON",
"id": "CVE-2021-42889"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42889",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019781",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-53565",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-459",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42889",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53565"
},
{
"db": "VULMON",
"id": "CVE-2021-42889"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019781"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-459"
},
{
"db": "NVD",
"id": "CVE-2021-42889"
}
]
},
"id": "VAR-202206-0003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53565"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53565"
}
]
},
"last_update_date": "2024-11-23T22:47:21.777000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019781"
},
{
"db": "NVD",
"id": "CVE-2021-42889"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_getwifiapconfig_leak.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42889"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42889/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-53565"
},
{
"db": "VULMON",
"id": "CVE-2021-42889"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019781"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-459"
},
{
"db": "NVD",
"id": "CVE-2021-42889"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-53565"
},
{
"db": "VULMON",
"id": "CVE-2021-42889"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019781"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-459"
},
{
"db": "NVD",
"id": "CVE-2021-42889"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53565"
},
{
"date": "2022-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42889"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019781"
},
{
"date": "2022-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-459"
},
{
"date": "2022-06-03T15:15:08.150000",
"db": "NVD",
"id": "CVE-2021-42889"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-53565"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42889"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019781"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-459"
},
{
"date": "2024-11-21T06:28:16.860000",
"db": "NVD",
"id": "CVE-2021-42889"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-459"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Vulnerability related to lack of authentication for critical functions in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019781"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-459"
}
],
"trust": 0.6
}
}
var-202206-0222
Vulnerability from variot
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless signal booster. An attacker can exploit this vulnerability to control ipDoamin
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex1200t",
"scope": "eq",
"trust": 1.0,
"vendor": "totolink",
"version": "4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "ex1200t firmware 4.1.2cu.5215"
},
{
"model": "ex1200t",
"scope": null,
"trust": 0.8,
"vendor": "totolink",
"version": null
},
{
"model": "ex1200t 4.1.2cu.5215",
"scope": null,
"trust": 0.6,
"vendor": "totolink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46170"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019787"
},
{
"db": "NVD",
"id": "CVE-2021-42875"
}
]
},
"cve": "CVE-2021-42875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-42875",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-46170",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42875",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42875",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42875",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-42875",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-46170",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-385",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-42875",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46170"
},
{
"db": "VULMON",
"id": "CVE-2021-42875"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019787"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-385"
},
{
"db": "NVD",
"id": "CVE-2021-42875"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless signal booster. An attacker can exploit this vulnerability to control ipDoamin",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42875"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019787"
},
{
"db": "CNVD",
"id": "CNVD-2022-46170"
},
{
"db": "VULMON",
"id": "CVE-2021-42875"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42875",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019787",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-46170",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-385",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-42875",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46170"
},
{
"db": "VULMON",
"id": "CVE-2021-42875"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019787"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-385"
},
{
"db": "NVD",
"id": "CVE-2021-42875"
}
]
},
"id": "VAR-202206-0222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46170"
}
],
"trust": 1.2374999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46170"
}
]
},
"last_update_date": "2024-11-23T22:40:27.487000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019787"
},
{
"db": "NVD",
"id": "CVE-2021-42875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://totolink.net"
},
{
"trust": 2.5,
"url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md"
},
{
"trust": 1.7,
"url": "http://ex1200t.com"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42875"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42875/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-46170"
},
{
"db": "VULMON",
"id": "CVE-2021-42875"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019787"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-385"
},
{
"db": "NVD",
"id": "CVE-2021-42875"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-46170"
},
{
"db": "VULMON",
"id": "CVE-2021-42875"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019787"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-385"
},
{
"db": "NVD",
"id": "CVE-2021-42875"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-46170"
},
{
"date": "2022-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42875"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019787"
},
{
"date": "2022-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-385"
},
{
"date": "2022-06-02T19:15:08.987000",
"db": "NVD",
"id": "CVE-2021-42875"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-46170"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-42875"
},
{
"date": "2023-08-17T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-019787"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-385"
},
{
"date": "2024-11-21T06:28:15.800000",
"db": "NVD",
"id": "CVE-2021-42875"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-385"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019787"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-385"
}
],
"trust": 0.6
}
}