Lucene search
China National Vulnerability DatabaseCNVD-2022-22307HistoryMar 17, 2022 - 12:00 a.m.
Totolink X5000R Command Injection Vulnerability
2022-03-1700:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
totolink x5000r
command injection
vulnerability
china-based jion electronics
setntpcfg function
filter failure
crafted requests
arbitrary commands
cnvd
EPSS
0.089
Percentile
94.7%
Totolink X5000R is a router from China-based Jion Electronics (Totolink). a command injection vulnerability exists in Totolink X5000R v9.1.0u.6118_B20201102, which stems from a failure of the tz parameter in the setNtpCfg function to properly filter the special element of the constructed command. An attacker could exploit this vulnerability to execute arbitrary commands via crafted requests.
Related
nvd
nvd
CVE-2022-26213
2022-03-15 22:15:14
checkpoint_advisories
checkpoint_advisories
TOTOLINK X5000R Command Injection (CVE-2022-26213)
2022-11-28 00:00:00
prion
prion
Command injection
2022-03-15 22:15:00
cvelist
cvelist
CVE-2022-26213
2022-03-15 21:56:18
cve
cve
CVE-2022-26213
2022-03-15 22:15:14