Lucene search
MitreCVE-2022-28496HistoryMar 23, 2023 - 5:15 p.m.
CVE-2022-28496
2023-03-2317:15:13
CWE-77
mitre
web.nvd.nist.gov
25
cve-2022-28496
totolink
outdoor cpe
cp900
command injection
vulnerability
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.087
Percentile
94.6%
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Affected configurations
Node
totolinkcp900_firmwareMatch6.3c.566_b20171026
totolinkcp900Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| totolink | cp900_firmware | 6.3c.566_b20171026 | cpe:2.3:o:totolink:cp900_firmware:6.3c.566_b20171026:*:*:*:*:*:*:* |
| totolink | cp900 | - | cpe:2.3:h:totolink:cp900:-:*:*:*:*:*:*:* |
Related
prion
prion
Command injection
2023-03-23 17:15:00
cvelist
cvelist
CVE-2022-28496
2023-03-23 00:00:00
nvd
nvd
CVE-2022-28496
2023-03-23 17:15:13
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.087
Percentile
94.6%
Related for CVE-2022-28496