cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-28495,https://securityvulnerability.io/vulnerability/CVE-2022-28495,Command Injection Vulnerability in TOTOLink Outdoor CPE CP900,"The TOTOLink outdoor CPE CP900, specifically the version V6.3c.566_B20171026, is susceptible to a command injection vulnerability in the setWebWlanIdx function. This issue arises due to improper validation of the webWlanIdx parameter, enabling attackers to send specially crafted requests that could lead to the execution of arbitrary commands on the device. Organizations using affected devices should evaluate their systems and implement appropriate security measures to mitigate any potential risks.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.005690000019967556,false,false,false,false,,false,false,2023-03-24T00:00:00.000Z,0
CVE-2022-28492,https://securityvulnerability.io/vulnerability/CVE-2022-28492,Remote Login Bypass Vulnerability in TOTOLINK Technology Products,"A vulnerability exists in TOTOLINK Technology's CPE devices with firmware version V6.3c.566, allowing remote attackers to bypass authentication mechanisms. This enables potential unauthorized access, putting the sensitive information and operations at risk. Users are advised to apply security updates and review access controls to mitigate this threat.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.0031900000758469105,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-28493,https://securityvulnerability.io/vulnerability/CVE-2022-28493,Telnet Service Vulnerability in TOTOLINK CP900 Routers,"A security flaw in the TOTOLINK CP900 V6.3c.566 router permits unauthorized attackers to initiate the Telnet service, potentially compromising the device's integrity. This vulnerability can expose sensitive information and allow remote access, making it imperative for users to secure their devices against possible exploitation.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.013089999556541443,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-28491,https://securityvulnerability.io/vulnerability/CVE-2022-28491,Command Injection Vulnerability in TOTOLink Outdoor CPE CP900 by TOTOLink,"TOTOLink's outdoor CPE CP900 device is susceptible to a command injection flaw within the NTPSyncWithHost function. Attackers can exploit this vulnerability by submitting a specially crafted request that manipulates the host_name parameter, enabling them to execute arbitrary commands on the device. This poses a serious risk to network integrity and security, making it essential for users to apply necessary updates and safeguards to protect their systems from potential exploits.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.01360000018030405,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-28496,https://securityvulnerability.io/vulnerability/CVE-2022-28496,Command Injection Vulnerability in TOTOLink Outdoor CPE CP900,"TOTOLink CPE CP900 is vulnerable to command injection through the setPasswordCfg function. This vulnerability allows attackers to send specially crafted requests containing malicious commands via the adminuser and adminpass parameters. By exploiting this flaw, an attacker can execute arbitrary system commands, posing a significant risk to device integrity and network security.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.08950000256299973,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-28497,https://securityvulnerability.io/vulnerability/CVE-2022-28497,Command Injection Vulnerability in TOTOLink Outdoor CPE CP900,"The TOTOLink Outdoor CPE CP900 version V6.3c.566_B20171026 has a command injection vulnerability present in the mtd_write_bootloader function. This weakness arises from improper handling of the filename parameter, allowing attackers to execute arbitrary commands by sending specially crafted requests to the device. Exploiting this vulnerability could lead to unauthorized access or control over the affected device, posing significant security risks for users.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.08950000256299973,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-28494,https://securityvulnerability.io/vulnerability/CVE-2022-28494,Command Injection Vulnerability in TOTOLink CPE CP900 Outdoor Product,"The TOTOLink outdoor CPE CP900 device is vulnerable to a command injection flaw in its setUpgradeFW function. This issue arises when the filename parameter is improperly sanitized, allowing attackers to construct a malicious request that executes arbitrary system commands on the vulnerable device. Exploitation of this vulnerability poses significant risks to the integrity and functionality of the affected device, potentially leading to unauthorized access and control.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.01360000018030405,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0