Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
Link | Resource |
---|---|
https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 |
22 Mar 2022, 14:37
Type | Values Removed | Values Added |
---|---|---|
First Time |
Totolink a3000ru
Totolink a800r Totolink Totolink a950rg Firmware Totolink a3000ru Firmware Totolink a810r Firmware Totolink a3100r Firmware Totolink a810r Totolink a800r Firmware Totolink a830r Firmware Totolink a3100r Totolink a950rg Totolink a830r |
|
CPE | cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:* cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:* cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:* cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:* cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:* cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:* cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:* cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:* cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:* |
|
References | (MISC) https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-77 |
15 Mar 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-15 22:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-26210
Mitre link : CVE-2022-26210
CVE.ORG link : CVE-2022-26210
JSON object : View
Products Affected
totolink
- a950rg_firmware
- a3100r_firmware
- a3100r
- a3000ru_firmware
- a950rg
- a830r_firmware
- a810r_firmware
- a800r_firmware
- a3000ru
- a830r
- a800r
- a810r
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')