Lucene search
MitreCVE-2022-28497HistoryMar 23, 2023 - 4:15 p.m.
CVE-2022-28497
2023-03-2316:15:11
CWE-77
mitre
web.nvd.nist.gov
25
totolink
outdoor
cpe
cp900
cve-2022-28497
vulnerability
command injection
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.087
Percentile
94.6%
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Affected configurations
Node
totolinkcp900_firmwareMatch6.3c.566_b20171026
totolinkcp900Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| totolink | cp900_firmware | 6.3c.566_b20171026 | cpe:2.3:o:totolink:cp900_firmware:6.3c.566_b20171026:*:*:*:*:*:*:* |
| totolink | cp900 | - | cpe:2.3:h:totolink:cp900:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-28497
2023-03-23 00:00:00
prion
prion
Command injection
2023-03-23 16:15:00
nvd
nvd
CVE-2022-28497
2023-03-23 16:15:11
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.087
Percentile
94.6%
Related for CVE-2022-28497