CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2022-38823
https://notcve.org/view.php?id=CVE-2022-38823
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. En TOTOLINK T6 V4.1.5cu.709_B20210518, se presenta una contraseña codificada para root en /etc/shadow.sample • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/hard_code.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 1CVE-2022-38826
https://notcve.org/view.php?id=CVE-2022-38826
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. En TOTOLINK T6 V4.1.5cu.709_B20210518, se presenta un comando de ejecución arbitraria en cstecgi.cgi • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/setStaticDhcpRules_1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38827
https://notcve.org/view.php?id=CVE-2022-38827
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi TOTOLINK T6 V4.1.5cu.709_B20210518 es vulnerable al desbordamiento del búfer a través de cstecgi.cgi • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/setWiFiWpsStart_2.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 44%CPEs: 2EXPL: 1CVE-2022-38828
https://notcve.org/view.php?id=CVE-2022-38828
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi TOTOLINK T6 V4.1.5cu.709_B20210518 es vulnerable a la inyección de comandos a través de cstecgi.cgi • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_T6_V3/setWiFiWpsStart_1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •