Lucene search

[email protected]CVE-2022-36455

HistoryAug 25, 2022 - 3:15 p.m.

CVE-2022-36455

2022-08-2515:15:08

CWE-78

[email protected]

web.nvd.nist.gov

cve-2022-36455

totolink a3600r

command injection

vulnerability

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.4%

JSON

TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.

Affected configurations

NVD

Node

totolinka3600rMatch-

AND

totolinka3600r_firmwareMatch4.1.2cu.5182_b20201102

CPENameOperatorVersion
totolink:a3600r_firmwaretotolink a3600r firmwareeq4.1.2cu.5182_b20201102

CPE	Name	Operator	Version
totolink:a3600r_firmware	totolink a3600r firmware	eq	4.1.2cu.5182_b20201102

References

github.com/Darry-lang1/vuln/blob/main/TOTOLINK/A3600R/1/readme.md

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.4%

JSON

Related for CVE-2022-36455

cvelist1 nvd1 prion1