Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.
References
| Link | Resource |
|---|---|
| https://github.com/pjqwudi/my_vuln/blob/main/totolink/vuln_1/1.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
History
07 Feb 2022, 14:19
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://github.com/pjqwudi/my_vuln/blob/main/totolink/vuln_1/1.md - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:o:totolink:a720r_firmware:4.1.5cu.470_b20200911:*:*:*:*:*:*:* cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:* cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:* cpe:2.3:h:totolink:a720r:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:* cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
| First Time |
Totolink a720r
Totolink a3100r Firmware Totolink a830r Firmware Totolink a3100r Totolink Totolink a720r Firmware Totolink a830r |
|
| CWE | CWE-77 |
04 Feb 2022, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-02-04 02:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-44247
Mitre link : CVE-2021-44247
CVE.ORG link : CVE-2021-44247
JSON object : View
Products Affected
totolink
- a3100r_firmware
- a3100r
- a720r_firmware
- a830r_firmware
- a720r
- a830r
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')