CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2022-28911
https://notcve.org/view.php?id=CVE-2022-28911
10 May 2022 — TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. Se ha detectado que TOTOLink N600R versión V5.3c.7159_B20190425, contiene una vulnerabilidad de inyección de comandos por medio del parámetro filename en /setting/CloudACMunualUpdate • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/N600R/7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2022-28909
https://notcve.org/view.php?id=CVE-2022-28909
10 May 2022 — TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. Se ha detectado que TOTOLink N600R versión V5.3c.7159_B20190425 contiene una vulnerabilidad de inyección de comandos por medio del parámetro webwlanidx en /setting/setWebWlanIdx • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/N600R/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2022-28907
https://notcve.org/view.php?id=CVE-2022-28907
10 May 2022 — TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. Se ha detectado que TOTOLink N600R versión V5.3c.7159_B20190425, contiene una vulnerabilidad de inyección de comandos por medio de la función hosttime en /setting/NTPSyncWithHost • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/N600R/5 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2022-28908
https://notcve.org/view.php?id=CVE-2022-28908
10 May 2022 — TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. Se ha detectado que TOTOLink N600R versión V5.3c.7159_B20190425, contiene una vulnerabilidad de inyección de comandos por medio del parámetro ipdoamin en /setting/setDiagnosisCfg • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/N600R/4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2022-28905
https://notcve.org/view.php?id=CVE-2022-28905
10 May 2022 — TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. Se ha detectado que TOTOLink N600R versión V5.3c.7159_B20190425, contiene una vulnerabilidad de inyección de comandos por medio del parámetro devicemac en /setting/setDeviceName • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/N600R/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2022-28906
https://notcve.org/view.php?id=CVE-2022-28906
10 May 2022 — TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. Se ha detectado que TOTOLink N600R versión V5.3c.7159_B20190425, contiene una vulnerabilidad de inyección de comandos por el parámetro langtype en /setting/setLanguageCfg • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/N600R/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 6%CPEs: 2EXPL: 1CVE-2022-27411
https://notcve.org/view.php?id=CVE-2022-27411
05 May 2022 — TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. Se ha detectado E7que TOTOLINK N600R versión v5.3c.5507_B20171031, contiene una vulnerabilidad de inyección de comandos por medio del parámetro QUERY_STRING en la función "Main" • https://github.com/ejdhssh/IOT_Vul •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28583
https://notcve.org/view.php?id=CVE-2022-28583
05 May 2022 — It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setWiFiWpsCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28582
https://notcve.org/view.php?id=CVE-2022-28582
05 May 2022 — It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setWiFiSignalCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28581
https://notcve.org/view.php?id=CVE-2022-28581
05 May 2022 — It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. Se ha detectado una vulnerabilidad de inyección de comandos en la interfaz setWiFiAdvancedCfg del router TOTOlink A7100RU (versión v7.4cu.2313_b20191024), que permite a un atacante ejecutar comandos arbitrarios mediante una carga útil cuidadosamente construida • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/9 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •