CVE-2022-46631
https://notcve.org/view.php?id=CVE-2022-46631
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro wscDisabled en la función settings/setWiFiSignalCfg. • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-46634
https://notcve.org/view.php?id=CVE-2022-46634
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro wscDisabled en la función setting/setWiFiWpsCfg. • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-44844
https://notcve.org/view.php?id=CVE-2022-44844
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comando a través del parámetro pass en la función settings/setOpenVpnCfg. • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-44843
https://notcve.org/view.php?id=CVE-2022-44843
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. Se descubrió que TOTOlink A7100RU V7.4cu.2313_B20191024 contiene una vulnerabilidad de inyección de comandos a través del parámetro de puerto en la función configuración/setOpenVpnClientCfg. • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-44259
https://notcve.org/view.php?id=CVE-2022-44259
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. TOTOLINK LR350 V9.3.5u.6369_B20220309 contiene un desbordamiento del búfer posterior a la autenticación a través de los parámetros week sTime y eTime en la función setParentalRules. • https://brief-nymphea-813.notion.site/LR350-bof-setParentalRules-fe0c0cc8b9bd44b48c527f76e69d402a • CWE-787: Out-of-bounds Write •