CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/05/05 7:15 p.m.•0 views

CVE-2022-27411

TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter in the "Main" function...

9.8CVSS7.3AI score

Exploits0References1

ATTACKERKB•added 2022/05/05 7:15 p.m.•2 views

CVE-2022-27411

TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter in the "Main" function...

10CVSS5.9AI score0.0477EPSS

Exploits1References2

Prion•added 2022/05/05 7:15 p.m.•16 views

Command injection

TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter in the "Main" function...

10CVSS9.8AI score0.0477EPSS

Exploits1References1Affected Software1

CVE•added 2022/05/05 6:5 p.m.•79 views

CVE-2022-27411

TOTOLINK N600R is affected by a command injection vulnerability in the Main function, exploitable via the QUERY_STRING parameter. The issue affects version 5.3c.5507_B20171031 and can allow remote command execution over the network without user interaction. Multiple connected sources corroborate ...

10CVSS9.8AI score0.0477EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/05/05 6:5 p.m.•19 views

CVE-2022-27411

TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter in the "Main" function...

10AI score0.0477EPSS

Positive Technologies•added 2022/05/05 12:0 a.m.•1 views

PT-2022-18408 · Totolink · Totolink N600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 5.3c.5507 B20171031 Description: A command injection issue was discovered via the QUERY STRING parameter in the Main function. This allows for potential exploitation. Recommendations: For TOTOLINK N600R version 5.3c.550...

10CVSS9.6AI score0.0477EPSS

Exploits1References3

Veracode•added 2022/04/21 11:5 a.m.•24 views

Privilege Escalation

github.com/bottlerocket-os/hotdog is vulnerable to privilege escalation. The vulnerability exists in main function in main.go due to an incomplete fix for CVE-2021-3101, because the target JVM processor doesn't limit the resources and filters which allows an attacker to gain access on host and...

8.8CVSS5.5AI score0.0004EPSS

Exploits2References6Affected Software1

Veracode•added 2022/04/21 9:48 a.m.•25 views

Authentication Bypass

github.com/bottlerocket-os/hotdog is vulnerable to authentication bypass. The vulnerability exists in the main function in main.go because the container doesn't match the selinux label of the target JVM process which allows an attacker to gain access on host and perform unauthorized actions...

8.8CVSS3.5AI score0.0004EPSS

Exploits1References6Affected Software1

9.8CVSS7.7AI score0.84255EPSS

VulnCheck KEV: CVE-2022-25084

TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV: CVE-2022-25078

TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV: CVE-2022-25081

TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV•added 2022/04/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV: CVE-2022-25080

TOTOLink A830R V5.9c.4729B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.5AI score0.89573EPSS

VulnCheck KEV: CVE-2022-25082

TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV: CVE-2022-25083

TOTOLink A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV•added 2022/04/01 12:0 a.m.•1 views

VulnCheck KEV: CVE-2022-25076

TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS7.7AI score0.42094EPSS

VulnCheck KEV: CVE-2022-25075

TOTOLink A3000RU V5.9c.2280B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CNVD•added 2022/02/28 12:0 a.m.•15 views

TOTOLink A3100R Command Injection Vulnerability (CNVD-2022-17024)

Totolink A3100R is a series of wireless routers from Totolink China.A command injection vulnerability exists in Totolink A3100R V4.1.2cu.5050B20200504, which stems from the failure to properly filter special characters, commands, etc. in the QUERYSTRING parameter in the Main function. An attacker...

9.8CVSS6.3AI score0.51028EPSS