3 matches found
CVE-2022-25083
TOTOLink A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
TOTOLink A860R Command Injection (CVE-2022-25076; CVE-2022-25078; CVE-2022-25079; CVE-2022-25080; CVE-2022-25081; CVE-2022-25082; CVE-2022-25083; CVE-2022-25084)
A command injection vulnerability exists in TOTOLink A860R. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2022-25083
TOTOLink A860R firmware v4.1.2cu.5182_B20201027 contains a command-injection vulnerability in the Main function. An unauthenticated attacker can pass crafted QUERY_STRING parameters to execute arbitrary commands remotely. CVSS v3.1 base score 9.8 (CRITICAL); attack vector NETWORK, no privileges r...