CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 1CVE-2022-26210
https://notcve.org/view.php?id=CVE-2022-26210
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 1CVE-2022-26207
https://notcve.org/view.php?id=CVE-2022-26207
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_28/28.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 1CVE-2022-26208
https://notcve.org/view.php?id=CVE-2022-26208
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_22/22.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 1CVE-2022-26206
https://notcve.org/view.php?id=CVE-2022-26206
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones ... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2021-44620
https://notcve.org/view.php?id=CVE-2021-44620
11 Mar 2022 — A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. Se presenta una vulnerabilidad de Inyección de Comandos en TOTOLINK A3100R versiones anteriores a V4.1.2cu.5050_B20200504 incluyéndola, en el archivo adm/ntm.asp por medio de los parámetros hosTime • http://a3100r.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25083
https://notcve.org/view.php?id=CVE-2022-25083
22 Feb 2022 — TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. Se ha detectado que TOTOLink A860R versión V4.1.2cu.5182_B20201027, contiene una vulnerabilidad de inyección de comandos en la función "Main". Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del parámetro QUERY_STRING • https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A860R/README.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25084
https://notcve.org/view.php?id=CVE-2022-25084
22 Feb 2022 — TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. Se ha detectado que TOTOLink T6 versión V5.9c.4085_B20190428 contiene una vulnerabilidad de inyección de comandos en la función "Main". Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del parámetro QUERY_STRING • https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/T6/README.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 94%CPEs: 3EXPL: 1CVE-2022-25082
https://notcve.org/view.php?id=CVE-2022-25082
22 Feb 2022 — TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. Se ha detectado que TOTOLink A950RG versiones V5.9c.4050_B20190424 y V4.1.2cu.5204_B20210112, contienen una vulnerabilidad de inyección de comandos en la función "Main". Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del parámetro ... • https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25080
https://notcve.org/view.php?id=CVE-2022-25080
22 Feb 2022 — TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. Se ha detectado que TOTOLink A830R versión V5.9c.4729_B20191112, contiene una vulnerabilidad de inyección de comandos en la función "Main". Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del parámetro QUERY_STRING • https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A830R/README.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25081
https://notcve.org/view.php?id=CVE-2022-25081
22 Feb 2022 — TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. Se ha detectado que TOTOLink T10 versión V5.9c.5061_B20200511, contiene una vulnerabilidad de inyección de comandos en la función "Main". Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del parámetro QUERY_STRING • https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/T10/README.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •