3 matches found
CVE-2022-28494
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-28494
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-28494
The CVE-2022-28494 entry relates to TOTOLink outdoor CPE CP900 (version 6.3c.566_B20171026). A command injection flaw exists in the setUpgradeFW function reachable via the filename parameter, allowing an attacker to execute arbitrary commands through a crafted request. The NVD metrics indicate a ...