CVE-2022-25133

A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:t6_firmware:v4.1.5cu.748_b20211015:*:*:*:*:*:*:*
cpe:2.3:h:totolink:t6:-:*:*:*:*:*:*:*

Information

Published : 2022-02-18 16:15

Updated : 2022-02-28 08:32


NVD link : CVE-2022-25133

Mitre link : CVE-2022-25133


JSON object : View

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Advertisement

dedicated server usa

Products Affected

totolink

  • t6_firmware
  • t6