190 matches found
Command injection
TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A3000RU V5.9c.2280B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A830R V5.9c.4729B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Totolink A3100R 操作系统命令注入漏洞
Totolink A3100R is a series of wireless routers from Totolink China.A command injection vulnerability exists in Totolink A3100R V4.1.2cu.5050B20200504, which stems from the failure to properly filter special characters, commands, etc. in the QUERYSTRING parameter in the Main function. An attacker...
CVE-2022-25083
TOTOLink A860R firmware v4.1.2cu.5182_B20201027 contains a command-injection vulnerability in the Main function. An unauthenticated attacker can pass crafted QUERY_STRING parameters to execute arbitrary commands remotely. CVSS v3.1 base score 9.8 (CRITICAL); attack vector NETWORK, no privileges r...
CVE-2022-25082
Totolink A950RG firmware versions V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 contain a command-injection vulnerability in the Main function, allowing arbitrary commands via the QUERY_STRING parameter. Impact can be high: network-based, unauthenticated, with high confidentiality, integrity, ...
CVE-2022-25081
TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25081
Totolink T10 firmware V5.9c.5061_B20200511 is affected by CVE-2022-25081, a command-injection in the Main function that allows arbitrary commands via the QUERY_STRING parameter. CVSS v3.1 base score 9.8 (CRITICAL) with network access, low attack complexity, and no authentication required. Several...
CVE-2022-25080
CVE-2022-25080 affects TOTOLink A830R firmware, specifically version V5.9c.4729_B20191112, where the vulnerability is a command injection in the Main function. The issue allows remote attackers to execute arbitrary commands via the QUERY_STRING parameter, with impact described as potential remote...
CVE-2022-25079
CVE-2022-25079 affects TOTOLink A810R firmware version 4.1.2cu.5182_B20201026. The issue is described as a command injection in the router’s Main function, allowing an attacker to execute arbitrary commands through the QUERY_STRING parameter. Multiple sources corroborate a remote, unauthenticated...
CVE-2022-25077
Affected device and version: TOTOLink A3100R, version 4.1.2cu.5050_B20200504. Vulnerability type: command injection in the Main function, exploitable via the QUERY_STRING parameter. Root cause described as lack of input validation/filtering in Main. Impact (as stated): attacker could execute arbi...
CVE-2022-25078
TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
PT-2022-3856 · Totolink · Totolink A810R
Name of the Vulnerable Software and Affected Versions: TOTOLink A810R version 4.1.2cu.5182 B20201026 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A810R router's firmware. This vulnerability is caused by the lack of input data...
PT-2022-2961
Name of the Vulnerable Software and Affected Versions TOTOLink A3000RU version V5.9c.2280 B20180512 Description The issue is related to a command injection vulnerability in the "Main" function, which is caused by insufficient argument checking. This allows attackers to execute arbitrary commands...
PT-2022-3858 · Totolink · Totolink T10
Name of the Vulnerable Software and Affected Versions: TOTOLink T10 version V5.9c.5061 B20200511 Description: The issue is related to the lack of input data sanitization in the "Main" function of the TOTOLink T10 mesh system. This allows a remote attacker to execute arbitrary commands through the...