Lucene search

[email protected]CVE-2022-26212

HistoryMar 15, 2022 - 10:15 p.m.

CVE-2022-26212

2022-03-1522:15:00

CWE-78

[email protected]

web.nvd.nist.gov

totolink

a830r

a3100r

a950rg

a800r

a3000ru

a810r

cve-2022-26212

command injection

vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.116 Low

EPSS

Percentile

95.3%

JSON

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CPENameOperatorVersion
totolink:a830r_firmwaretotolink a830r firmwareeq5.9c.4729_b20191112
totolink:a3100r_firmwaretotolink a3100r firmwareeq4.1.2cu.5050_b20200504
totolink:a950rg_firmwaretotolink a950rg firmwareeq4.1.2cu.5161_b20200903
totolink:a800r_firmwaretotolink a800r firmwareeq4.1.2cu.5137_b20200730
totolink:a3000ru_firmwaretotolink a3000ru firmwareeq5.9c.5185_b20201128
totolink:a810r_firmwaretotolink a810r firmwareeq4.1.2cu.5182_b20201026

CPE	Name	Operator	Version
totolink:a830r_firmware	totolink a830r firmware	eq	5.9c.4729_b20191112
totolink:a3100r_firmware	totolink a3100r firmware	eq	4.1.2cu.5050_b20200504
totolink:a950rg_firmware	totolink a950rg firmware	eq	4.1.2cu.5161_b20200903
totolink:a800r_firmware	totolink a800r firmware	eq	4.1.2cu.5137_b20200730
totolink:a3000ru_firmware	totolink a3000ru firmware	eq	5.9c.5185_b20201128
totolink:a810r_firmware	totolink a810r firmware	eq	4.1.2cu.5182_b20201026

References

github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.116 Low

EPSS

Percentile

95.3%

JSON

Related for CVE-2022-26212

cvelist1 prion1 checkpoint_advisories1