CVE-2022-28935

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.

Totolink A830R versión V5.9c.4729_B20191112, Totolink A3100R versión V4.1.2cu.5050_B20200504, Totolink A950RG versión V4.1.2cu.5161_B20200903, Totolink A800R versión V4.1.2cu.5137 B20200730, Totolink A3000RU versión V5.9c.5185_B20201128, Totolink A810R versión V4.1.2cu.5182_B20201026, Ha sido detectado que contenía una vulnerabilidad de inyección de comandos

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-11 CVE Reserved
2022-07-06 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F	2024-08-03
https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Totolink Search vendor "Totolink"	A830r Firmware Search vendor "Totolink" for product "A830r Firmware"	5.9c.4729_b20191112 Search vendor "Totolink" for product "A830r Firmware" and version "5.9c.4729_b20191112"	-	Affected	in	Totolink Search vendor "Totolink"	A830r Search vendor "Totolink" for product "A830r"	-	-	Safe
Totolink Search vendor "Totolink"	A3100r Firmware Search vendor "Totolink" for product "A3100r Firmware"	4.1.2cu.5050_b20200504 Search vendor "Totolink" for product "A3100r Firmware" and version "4.1.2cu.5050_b20200504"	-	Affected	in	Totolink Search vendor "Totolink"	A3100r Search vendor "Totolink" for product "A3100r"	-	-	Safe
Totolink Search vendor "Totolink"	A950rg Firmware Search vendor "Totolink" for product "A950rg Firmware"	4.1.2cu.5161_b20200903 Search vendor "Totolink" for product "A950rg Firmware" and version "4.1.2cu.5161_b20200903"	-	Affected	in	Totolink Search vendor "Totolink"	A950rg Search vendor "Totolink" for product "A950rg"	-	-	Safe
Totolink Search vendor "Totolink"	A800r Firmware Search vendor "Totolink" for product "A800r Firmware"	4.1.2cu.5137_b20200730 Search vendor "Totolink" for product "A800r Firmware" and version "4.1.2cu.5137_b20200730"	-	Affected	in	Totolink Search vendor "Totolink"	A800r Search vendor "Totolink" for product "A800r"	-	-	Safe
Totolink Search vendor "Totolink"	A3000ru Firmware Search vendor "Totolink" for product "A3000ru Firmware"	5.9c.5185_b20201128 Search vendor "Totolink" for product "A3000ru Firmware" and version "5.9c.5185_b20201128"	-	Affected	in	Totolink Search vendor "Totolink"	A3000ru Search vendor "Totolink" for product "A3000ru"	-	-	Safe
Totolink Search vendor "Totolink"	A810r Firmware Search vendor "Totolink" for product "A810r Firmware"	4.1.2cu.5182_b20201026 Search vendor "Totolink" for product "A810r Firmware" and version "4.1.2cu.5182_b20201026"	-	Affected	in	Totolink Search vendor "Totolink"	A810r Search vendor "Totolink" for product "A810r"	-	-	Safe