CVSS: 9.8EPSS: 19%CPEs: 2EXPL: 1CVE-2022-26187
https://notcve.org/view.php?id=CVE-2022-26187
22 Mar 2022 — TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. Se ha detectado que TOTOLINK N600R versión V4.3.0cu.7570_B20200620, contiene una vulnerabilidad de inyección de comandos por medio de la función pingCheck • https://doudoudedi.github.io/2022/02/21/TOTOLINK-N600R-Command-Injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 19%CPEs: 2EXPL: 1CVE-2022-26186
https://notcve.org/view.php?id=CVE-2022-26186
22 Mar 2022 — TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. Se ha detectado que TOTOLINK N600R versión V4.3.0cu.7570_B20200620, contiene una vulnerabilidad de inyección de comandos por medio de la interfaz exportOvpn en el archivo cstecgi.cgi • https://doudoudedi.github.io/2022/02/21/TOTOLINK-N600R-Command-Injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2022-27004
https://notcve.org/view.php?id=CVE-2022-27004
15 Mar 2022 — Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Se ha detectado que los routers Totolink s X5000R versiones V9.1.0u.6118_B20201102 y A7000R versiones V9.1.0u.6115_B20201022, contienen una vulnerabilidad de inyección de comandos en la función Tunnel 6in4 por medio del p... • https://github.com/wudipjq/my_vuln/blob/main/totolink/vuln_31/31.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2022-27005
https://notcve.org/view.php?id=CVE-2022-27005
15 Mar 2022 — Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Se ha detectado que los routers Totolink s X5000R versiones V9.1.0u.6118_B20201102 y A7000R versiones V9.1.0u.6115_B20201022, contienen una vulnerabilidad de inyección de comandos en la función setWanCfg por medio del parámet... • https://github.com/wudipjq/my_vuln/blob/main/totolink/vuln_30/30.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2022-27003
https://notcve.org/view.php?id=CVE-2022-27003
15 Mar 2022 — Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Se ha detectado que los routers Totolink s X5000R versiones V9.1.0u.6118_B20201102 y A7000R versiones V9.1.0u.6115_B20201022, contienen una vulnerabilidad de inyección de comandos en la función Tunnel 6rd por medio del parám... • https://github.com/wudipjq/my_vuln/blob/main/totolink/vuln_32/32.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2022-26213
https://notcve.org/view.php?id=CVE-2022-26213
15 Mar 2022 — Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. se ha detectado que Totolink X5000R_Firmware versión v9.1.0u.6118_B20201102, contiene una vulnerabilidad de inyección de comandos en la función setNtpCfg, por medio de los parámetros tz. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medi... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_21/21.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 1CVE-2022-26214
https://notcve.org/view.php?id=CVE-2022-26214
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter. Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B202009... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 1CVE-2022-26212
https://notcve.org/view.php?id=CVE-2022-26212
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 1CVE-2022-26211
https://notcve.org/view.php?id=CVE-2022-26211
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R versiones V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950R... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_25/25.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 1CVE-2022-26209
https://notcve.org/view.php?id=CVE-2022-26209
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versione... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_24/24.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •