Lucene search

[email protected]CVE-2021-46007

HistoryMar 30, 2022 - 11:15 p.m.

CVE-2021-46007

2022-03-3023:15:07

CWE-78

[email protected]

web.nvd.nist.gov

cve-2021-46007

totolink a3100r

v5.9c.4577

os command injection

ping command

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.5%

JSON

totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the “ping” command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.

Affected configurations

NVD

Node

totolinkar3100r_firmwareMatch5.9c.4577

AND

totolinkar3100rMatch-

CPENameOperatorVersion
totolink:ar3100r_firmwaretotolink ar3100r firmwareeq5.9c.4577

CPE	Name	Operator	Version
totolink:ar3100r_firmware	totolink ar3100r firmware	eq	5.9c.4577

References

a3100r.com

totolink.com

hackmd.io/t_nRWxS2Q2O7GV2E5BhQMg

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2021-46007

prion1 nvd1 cnvd1 cvelist1