CVE-2022-28494

2023-03-23 01:15:11
CWE-78
mitre
web.nvd.nist.gov
totolink
outdoor cpe
cp900
v6.3c.566_b20171026
command injection
vulnerability
cve-2022-28494
nvd

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.041
Percentile: 92.3%

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Affected configurations

Nvd

Node: totolink cp900_firmware (Match 6.3c.566_b20171026) AND totolink cp900 (Match -)

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| totolink | cp900_firmware | 6.3c.566_b20171026 | cpe:2.3:o:totolink:cp900_firmware:6.3c.566_b20171026:*:*:*:*:*:*:* |
| totolink | cp900 | - | cpe:2.3:h:totolink:cp900:-:*:*:*:*:*:*:* |
