CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 1CVE-2022-26208
https://notcve.org/view.php?id=CVE-2022-26208
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 1CVE-2022-26206
https://notcve.org/view.php?id=CVE-2022-26206
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones ... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25080
https://notcve.org/view.php?id=CVE-2022-25080
22 Feb 2022 — TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. Se ha detectado que TOTOLink A830R versión V5.9c.4729_B20191112, contiene una vulnerabilidad de inyección de comandos en la función "Main". Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del parámetro QUERY_STRING • https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A830R/README.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1CVE-2021-44247
https://notcve.org/view.php?id=CVE-2021-44247
04 Feb 2022 — Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter. Se ha detectado que los dispositivos Totolink A3100R versión v4.1.2cu.5050_B20200504, A830R versión v5.9c.4729_B20191112 y A720R versión v4.1.5cu.470_B20200911, contienen una vulnerabilidad de inyección de comandos en la ... • https://github.com/pjqwudi/my_vuln/blob/main/totolink/vuln_1/1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-44246
https://notcve.org/view.php?id=CVE-2021-44246
04 Feb 2022 — Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter. Se ha detectado que los dispositivos Totolink A3100R versión v4.1.2cu.5050_B20200504, A830R versión v5.9c.4729_B20191112 y A720R versión v4.1.5cu.470_B20200911 contienen un desbordamiento de pila en la función setNoticeCfg. Esta vuln... • https://github.com/pjqwudi/my_vuln/blob/main/totolink/vuln_2/2.md •