Lucene search

[email protected]NVD:CVE-2022-40109

HistorySep 06, 2022 - 5:15 p.m.

CVE-2022-40109

2022-09-0617:15:08

CWE-276

[email protected]

web.nvd.nist.gov

totolink a3002r

vulnerability

insecure permissions

binary

boa

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

86.0%

JSON

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.

Affected configurations

Nvd

Node

totolinka3002r_firmwareMatch1.1.1-b20200824.0128

AND

totolinka3002rMatch-

VendorProductVersionCPE
totolinka3002r_firmware1.1.1-b20200824.0128cpe:2.3:o:totolink:a3002r_firmware:1.1.1-b20200824.0128:*:*:*:*:*:*:*
totolinka3002r-cpe:2.3:h:totolink:a3002r:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	a3002r_firmware	1.1.1-b20200824.0128	cpe:2.3:o:totolink:a3002r_firmware:1.1.1-b20200824.0128:::::::*
totolink	a3002r	-	cpe:2.3:h:totolink:a3002r:-:::::::*

References

github.com/1759134370/iot/blob/main/TOTOLINK/A3002R/1.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

86.0%

JSON

Related for NVD:CVE-2022-40109

prion1 cvelist1 cve1