Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-54652
HistoryMay 20, 2022 - 12:00 a.m.

TotoLink A3100R Command Injection Vulnerability (CNVD-2022-54652)

2022-05-2000:00:00
China National Vulnerability Database
www.cnvd.org.cn
16
totolink
a3100r
wireless routers
vulnerability
command injection
taiwan
china
version
uci
cloudupdate_config
magicid parameter
arbitrary command execution

EPSS

0.031

Percentile

91.1%

JSON

TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China.TotoLink A3100R version V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 are vulnerable to command injection, which originates from uci_ cloudupdate_config function in the magicid parameter fails to properly filter the construction command special characters, commands, etc., and an attacker can use this vulnerability to cause arbitrary command execution.

Related

cve 1
cvelist 1
prion 1
nvd 1
cve
cve
CVE-2022-29639
2022-05-18 12:15:08
cvelist
cvelist
CVE-2022-29639
2022-05-18 11:50:44
prion
prion
Command injection
2022-05-18 12:15:00
nvd
nvd
CVE-2022-29639
2022-05-18 12:15:08

EPSS

0.031

Percentile

91.1%

JSON
Related for CNVD-2022-54652
cve1cvelist1prion1nvd1