Command injection

2022-02-1900:15:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.141 Low

EPSS

Percentile

95.7%

JSON

A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

CPENameOperatorVersion
t10_firmwareeqv4.1.8cu.5207-b20210320
t6_firmwareeqv4.1.5cu.748-b20211015

CPE	Name	Operator	Version
	t10_firmware	eq	v4.1.8cu.5207-b20210320
	t6_firmware	eq	v4.1.5cu.748-b20211015

References

exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2022-25136

github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_17/17.md