CVE-2021-44247
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.
Se ha detectado que los dispositivos Totolink A3100R versión v4.1.2cu.5050_B20200504, A830R versión v5.9c.4729_B20191112 y A720R versión v4.1.5cu.470_B20200911, contienen una vulnerabilidad de inyección de comandos en la función setNoticeCfg. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del parámetro IpFrom
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-29 CVE Reserved
- 2022-02-04 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/pjqwudi/my_vuln/blob/main/totolink/vuln_1/1.md | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Totolink Search vendor "Totolink" | A720r Firmware Search vendor "Totolink" for product "A720r Firmware" | 4.1.5cu.470_b20200911 Search vendor "Totolink" for product "A720r Firmware" and version "4.1.5cu.470_b20200911" | - |
Affected
| in | Totolink Search vendor "Totolink" | A720r Search vendor "Totolink" for product "A720r" | - | - |
Safe
|
| Totolink Search vendor "Totolink" | A830r Firmware Search vendor "Totolink" for product "A830r Firmware" | 5.9c.4729_b20191112 Search vendor "Totolink" for product "A830r Firmware" and version "5.9c.4729_b20191112" | - |
Affected
| in | Totolink Search vendor "Totolink" | A830r Search vendor "Totolink" for product "A830r" | - | - |
Safe
|
| Totolink Search vendor "Totolink" | A3100r Firmware Search vendor "Totolink" for product "A3100r Firmware" | 4.1.2cu.5050_b20200504 Search vendor "Totolink" for product "A3100r Firmware" and version "4.1.2cu.5050_b20200504" | - |
Affected
| in | Totolink Search vendor "Totolink" | A3100r Search vendor "Totolink" for product "A3100r" | - | - |
Safe
|