1115 matches found
TotoLink A800R Operating System Command Injection Vulnerability
TOTOLink A860R is a wireless router from TotoLink, China. TOTOLink A860R V4.1.2cu.5182B20201027 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...
PT-2022-3855 · Totolink · Totolink A830R
Name of the Vulnerable Software and Affected Versions: TOTOLink A830R version V5.9c.4729 B20191112 Description: The issue is related to the lack of input data sanitization in the "Main" function of the TOTOLink A830R router's firmware. This allows a remote attacker to execute arbitrary commands...
PT-2022-3896 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLink A3600R version 4.1.2cu.5182 B20201102 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A3600R router's firmware. This vulnerability is caused by the lack of input data...
PT-2022-3934 · Totolink · Totolink A950Rg
Name of the Vulnerable Software and Affected Versions: TOTOLink A950RG versions V4.1.2cu.5204 B20210112 through V5.9c.4050 B20190424 Description: The issue is related to the "Main" function of the TOTOLink A950RG router's firmware, which lacks input data sanitization. This allows a remote attacke...
PT-2022-2961
Name of the Vulnerable Software and Affected Versions: TOTOLink A3000RU version V5.9c.2280 B20180512 Description: The issue is related to a command injection vulnerability in the "Main" function, which is caused by insufficient argument checking. This allows attackers to execute arbitrary commands...
PT-2022-3893 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLink T6 version V5.9c.4085 B20190428 Description: The issue is related to the lack of input data sanitization in the "Main" function of the TOTOLink T6 mesh system's firmware. This allows a remote attacker to execute arbitrary commands...
PT-2022-3858 · Totolink · Totolink T10
Name of the Vulnerable Software and Affected Versions: TOTOLink T10 version V5.9c.5061 B20200511 Description: The issue is related to the lack of input data sanitization in the "Main" function of the TOTOLink T10 mesh system. This allows a remote attacker to execute arbitrary commands through the...
PT-2022-3895 · Totolink · Totolink A860R
Name of the Vulnerable Software and Affected Versions: TOTOLink A860R version V4.1.2cu.5182 B20201027 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A860R router's firmware. This vulnerability is caused by the lack of input data...
PT-2022-3894 · Totolink · Totolink A3100R
Name of the Vulnerable Software and Affected Versions: TOTOLink A3100R version 4.1.2cu.5050 B20200504 Description: The issue is related to a command injection vulnerability in the "Main" function, which is caused by a lack of input data sanitization. This allows attackers to execute arbitrary...
PT-2022-3856 · Totolink · Totolink A810R
Name of the Vulnerable Software and Affected Versions: TOTOLink A810R version 4.1.2cu.5182 B20201026 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A810R router's firmware. This vulnerability is caused by the lack of input data...
PT-2022-3857 · Totolink · Totolink A800R
Name of the Vulnerable Software and Affected Versions: TOTOLink A800R version 4.1.2cu.5137 B20200730 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A800R router's firmware. This vulnerability is caused by the lack of input data...
GHSA-V9P9-535W-4285 Prototype Pollution in litespeed.js and appwrite/server-ce
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
Prototype Pollution in litespeed.js and appwrite/server-ce
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
CVE-2021-23682
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
CVE-2021-23682 Prototype Pollution
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
CVE-2021-23682
Prototype pollution vulnerability in litespeed.js (
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
litespeed.js Security Vulnerability
litespeed.js is a lean and fast micro JavaScript framework. A security vulnerability exists in litespeed.js prior to version 0.3.12, which stems from a Prototype Pollution vulnerability when parsing a query string in the getJsonFromUrl function, where keys set in the result object are not properl...
CVE-2021-24878
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-45742
TOTOLINK A720R v4.1.5cu.470B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...