Command injection

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

Command injection

TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

Totolink A3100R 操作系统命令注入漏洞

Totolink A3100R is a series of wireless routers from Totolink China.A command injection vulnerability exists in Totolink A3100R V4.1.2cu.5050B20200504, which stems from the failure to properly filter special characters, commands, etc. in the QUERYSTRING parameter in the Main function. An attacker...

CVE-2022-25083

TOTOLink A860R firmware v4.1.2cu.5182_B20201027 contains a command-injection vulnerability in the Main function. An unauthenticated attacker can pass crafted QUERY_STRING parameters to execute arbitrary commands remotely. CVSS v3.1 base score 9.8 (CRITICAL); attack vector NETWORK, no privileges r...

CVE-2022-25082

Totolink A950RG firmware versions V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 contain a command-injection vulnerability in the Main function, allowing arbitrary commands via the QUERY_STRING parameter. Impact can be high: network-based, unauthenticated, with high confidentiality, integrity, ...

CVE-2022-25081

TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVE-2022-25081

Totolink T10 firmware V5.9c.5061_B20200511 is affected by CVE-2022-25081, a command-injection in the Main function that allows arbitrary commands via the QUERY_STRING parameter. CVSS v3.1 base score 9.8 (CRITICAL) with network access, low attack complexity, and no authentication required. Several...

CVE-2022-25080

CVE-2022-25080 affects TOTOLink A830R firmware, specifically version V5.9c.4729_B20191112, where the vulnerability is a command injection in the Main function. The issue allows remote attackers to execute arbitrary commands via the QUERY_STRING parameter, with impact described as potential remote...

CVE-2022-25079

CVE-2022-25079 affects TOTOLink A810R firmware version 4.1.2cu.5182_B20201026. The issue is described as a command injection in the router’s Main function, allowing an attacker to execute arbitrary commands through the QUERY_STRING parameter. Multiple sources corroborate a remote, unauthenticated...

CVE-2022-25077

Affected device and version: TOTOLink A3100R, version 4.1.2cu.5050_B20200504. Vulnerability type: command injection in the Main function, exploitable via the QUERY_STRING parameter. Root cause described as lack of input validation/filtering in Main. Impact (as stated): attacker could execute arbi...

CVE-2022-25078

TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

PT-2022-3856 · Totolink · Totolink A810R

Name of the Vulnerable Software and Affected Versions: TOTOLink A810R version 4.1.2cu.5182 B20201026 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A810R router's firmware. This vulnerability is caused by the lack of input data...

PT-2022-3858 · Totolink · Totolink T10

Name of the Vulnerable Software and Affected Versions: TOTOLink T10 version V5.9c.5061 B20200511 Description: The issue is related to the lack of input data sanitization in the "Main" function of the TOTOLink T10 mesh system. This allows a remote attacker to execute arbitrary commands through the...

PT-2022-2961

Name of the Vulnerable Software and Affected Versions TOTOLink A3000RU version V5.9c.2280 B20180512 Description The issue is related to a command injection vulnerability in the "Main" function, which is caused by insufficient argument checking. This allows attackers to execute arbitrary commands...

PT-2022-3934 · Totolink · Totolink A950Rg

Name of the Vulnerable Software and Affected Versions: TOTOLink A950RG versions V4.1.2cu.5204 B20210112 through V5.9c.4050 B20190424 Description: The issue is related to the "Main" function of the TOTOLink A950RG router's firmware, which lacks input data sanitization. This allows a remote attacke...

PT-2022-3895 · Totolink · Totolink A860R

Name of the Vulnerable Software and Affected Versions: TOTOLink A860R version V4.1.2cu.5182 B20201027 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A860R router's firmware. This vulnerability is caused by the lack of input data...

PT-2022-3857 · Totolink · Totolink A800R

Name of the Vulnerable Software and Affected Versions: TOTOLink A800R version 4.1.2cu.5137 B20200730 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A800R router's firmware. This vulnerability is caused by the lack of input data...

PT-2022-3894 · Totolink · Totolink A3100R

Name of the Vulnerable Software and Affected Versions: TOTOLink A3100R version 4.1.2cu.5050 B20200504 Description: The issue is related to a command injection vulnerability in the "Main" function, which is caused by a lack of input data sanitization. This allows attackers to execute arbitrary...

CVE-2021-45742

TOTOLINK A720R v4.1.5cu.470B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

Command injection

TOTOLINK A720R v4.1.5cu.470B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...