CVE-2022-28910

Summary (CVE-2022-28910) : A command injection vulnerability exists in TOTOLink N600R router due to the devicename parameter in the API endpoint /setting/setDeviceName . The issue, observed in version V5.3c.7159_B20190425, could allow an unauthenticated or remote attacker to inject and execute ar...

CVE-2022-28905

TOTOLink N600R (versions including V5.3c.7159_B20190425) contains a command injection vulnerability reachable through the devicemac parameter in the /setting/setDeviceName API. The root cause is an unsafely handled input in the devicemac field, enabling arbitrary command execution on the device. ...

TOTOLINK N600R 操作系统命令注入漏洞

TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, China.A command injection vulnerability exists in TOTOLINK N600R, which can be exploited by attackers to conduct command injection attacks via the devicemac parameter in /setting/setDeviceName...

PT-2022-19305 · Totolink · Totolink N600R

Name of the Vulnerable Software and Affected Versions: TOTOLink N600R version V5.3c.7159 B20190425 Description: A command injection issue was found via the devicename parameter in the "/setting/setDeviceName" API endpoint. This allows for potential exploitation. Recommendations: For TOTOLink N600...

TOTOLINK N600R 操作系统命令注入漏洞

TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, which is vulnerable to a command injection attack via the devicename parameter in /etting/setDeviceName...

CVE-2022-26212

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...