CVE-2022-27004
 
- Severity Score: 9.8 (CVSS v3.1)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Track* (SSVC)
Descriptions
Totolink X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 routers were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Credits: N/A
SSVC
- Decision: Track*
* Organization's Worst-case Scenario
Timeline
- 2022-03-14 CVE Reserved
- 2022-03-15 CVE Published
- 2024-09-12 CVE Updated
- 2024-09-12 First Exploit
- 2024-12-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References (1)
URL | Date | SRC |
---|---|---|
https://github.com/wudipjq/my_vuln/blob/main/totolink/vuln_31/31.md | 2024-09-12 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Totolink | X5000r Firmware | 9.1.0u.6118_b20201102 | - | Affected | in | Totolink | X5000r | - | - | Safe |
Totolink | A7000r Firmware | 9.1.0u.6115_b20201022 | - | Affected | in | Totolink | A7000r | - | - | Safe |