CVE-2022-25077

TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
References
Link Resource
https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A3100R/README.md Exploit Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*

Information

Published : 2022-02-24 07:15

Updated : 2022-03-03 08:47


NVD link : CVE-2022-25077

Mitre link : CVE-2022-25077


JSON object : View

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Advertisement

dedicated server usa

Products Affected

totolink

  • a3100r
  • a3100r_firmware