64 matches found
CVE-2022-25081
TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25075
TOTOLink A3000RU V5.9c.2280B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25079
TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25077
TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25083
TOTOLink A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A3000RU V5.9c.2280B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A830R V5.9c.4729B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
Command injection
TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25082
Totolink A950RG firmware versions V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 contain a command-injection vulnerability in the Main function, allowing arbitrary commands via the QUERY_STRING parameter. Impact can be high: network-based, unauthenticated, with high confidentiality, integrity, ...
CVE-2022-25081
TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25081
Totolink T10 firmware V5.9c.5061_B20200511 is affected by CVE-2022-25081, a command-injection in the Main function that allows arbitrary commands via the QUERY_STRING parameter. CVSS v3.1 base score 9.8 (CRITICAL) with network access, low attack complexity, and no authentication required. Several...
CVE-2022-25080
CVE-2022-25080 affects TOTOLink A830R firmware, specifically version V5.9c.4729_B20191112, where the vulnerability is a command injection in the Main function. The issue allows remote attackers to execute arbitrary commands via the QUERY_STRING parameter, with impact described as potential remote...
CVE-2022-25079
CVE-2022-25079 affects TOTOLink A810R firmware version 4.1.2cu.5182_B20201026. The issue is described as a command injection in the router’s Main function, allowing an attacker to execute arbitrary commands through the QUERY_STRING parameter. Multiple sources corroborate a remote, unauthenticated...
CVE-2022-25079
TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25077
TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25077
Affected device and version: TOTOLink A3100R, version 4.1.2cu.5050_B20200504. Vulnerability type: command injection in the Main function, exploitable via the QUERY_STRING parameter. Root cause described as lack of input validation/filtering in Main. Impact (as stated): attacker could execute arbi...
CVE-2022-25078
TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...