CVE-2022-25136

A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:t6_firmware:v4.1.5cu.748_b20211015:*:*:*:*:*:*:*
cpe:2.3:h:totolink:t6:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:totolink:t10_firmware:v4.1.8cu.5207_b20210320:*:*:*:*:*:*:*
cpe:2.3:h:totolink:t10:-:*:*:*:*:*:*:*

Information

Published : 2022-02-18 16:15

Updated : 2022-02-28 08:36


NVD link : CVE-2022-25136

Mitre link : CVE-2022-25136


JSON object : View

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Advertisement

dedicated server usa

Products Affected

totolink

  • t10_firmware
  • t10
  • t6_firmware
  • t6