Description
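TOTOLink A810R firmware V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability (CVE-2022-25079, classified as CWE-77 in the NVD record below) in the “Main” function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. The records below score it CVSS v3.1 9.8 (network attack vector, no privileges and no user interaction required) and mark it as exploited in the wild, citing a Fortinet report on the Beastmode Mirai campaign. Devices running this firmware should therefore be treated as a priority: restrict network access to them until a fixed firmware version is confirmed and installed.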
**Recent assessments:**
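Assessed Attacker Value: 0
Assessed Attacker Value: 0
Assessed Attacker Value: 0
(Both AttackerKB scores in the record below, attackerValue and exploitability, are 0. This most likely means no community rating was submitted rather than an assessment of low risk; the same record sets wildExploited to true.)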
Related
{"id": "AKB:407C1538-00DC-45A3-8AED-54320CE31C43", "vendorId": null, "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2022-25079", "description": "TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the \u201cMain\u201d function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "published": "2022-02-24T00:00:00", "modified": "2022-02-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://attackerkb.com/topics/NDwnFX8ei1/cve-2022-25079", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25079", "https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md"], "cvelist": ["CVE-2022-25079"], "immutableFields": [], "lastseen": "2022-04-04T20:31:44", "viewCount": 20, "enchantments": {"vulnersScore": "PENDING"}, "_state": {}, "_internal": {}, 
"attackerkb": {"attackerValue": 0, "exploitability": 0}, "wildExploited": true, "wildExploitedCategory": {"News Article or Blog": ""}, "wildExploitedReports": [{"category": "News Article or Blog", "source_url": "https://www.fortinet.com/blog/threat-research/totolink-vulnerabilities-beastmode-mirai-campaign", "published": "2022-04-04T18:48:00"}], "references_categories": {"Canonical": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25079"], "Miscellaneous": ["https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A810R/README.md"]}, "tags": [], "mitre_vector": {}, "last_activity": "2022-04-04T18:48:00"}
{"cve": [{"lastseen": "2022-03-23T10:25:50", "description": "TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the \"Main\" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-24T15:15:00", "type": "cve", "title": "CVE-2022-25079", "cwe": ["CWE-77"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-25079"], "modified": "2022-03-03T16:49:00", "cpe": ["cpe:/o:totolink:a810r_firmware:4.1.2cu.5182_b20201026"], "id": "CVE-2022-25079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25079", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*"]}]}