Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
Link | Resource |
---|---|
https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 |
22 Mar 2022, 14:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:* cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:* cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:* cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:* cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:* cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:* cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:* cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:* cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:* |
|
References | (MISC) https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md - Exploit, Third Party Advisory | |
CWE | CWE-77 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
First Time |
Totolink a3000ru
Totolink a800r Totolink Totolink a950rg Firmware Totolink a3000ru Firmware Totolink a810r Firmware Totolink a3100r Firmware Totolink a810r Totolink a800r Firmware Totolink a830r Firmware Totolink a3100r Totolink a950rg Totolink a830r |
15 Mar 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-15 22:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-26208
Mitre link : CVE-2022-26208
CVE.ORG link : CVE-2022-26208
JSON object : View
Products Affected
totolink
- a950rg_firmware
- a3100r_firmware
- a3100r
- a3000ru_firmware
- a950rg
- a830r_firmware
- a810r_firmware
- a800r_firmware
- a3000ru
- a830r
- a800r
- a810r
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')