cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-48069,https://securityvulnerability.io/vulnerability/CVE-2022-48069,Command Injection Vulnerability in Totolink A830R Router,"The Totolink A830R router, specifically version V4.1.2cu.5182, is susceptible to a command injection vulnerability through the QUERY_STRING parameter. This flaw allows an attacker to execute arbitrary commands on the device, potentially leading to unauthorized access and manipulation of the router's settings. Remediation steps should be taken to secure the device and mitigate risks associated with this vulnerability.",Totolink,A830r Firmware,7.5,HIGH,0.00827999971807003,false,,false,false,false,,,false,false,,2023-01-27T00:00:00.000Z,0
CVE-2022-48067,https://securityvulnerability.io/vulnerability/CVE-2022-48067,Information Disclosure in Totolink Router Affecting Multiple Versions,"An information disclosure vulnerability present in the Totolink A830R router (version V4.1.2cu.5182) enables attackers to potentially gain access to sensitive information, such as the root password. The vulnerability is primarily exploitable through a brute-force attack method, which can allow malicious actors to bypass security measures and exploit affected systems. Users are advised to take caution and apply vendor recommendations to mitigate risk.",Totolink,A830r Firmware,5.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-01-27T00:00:00.000Z,0
CVE-2022-48066,https://securityvulnerability.io/vulnerability/CVE-2022-48066,Authentication Bypass Vulnerability in Totolink A830R Router,"An issue has been identified in the global.so component of the Totolink A830R router, specifically in version V4.1.2cu.5182, permitting attackers to bypass the authentication mechanism by utilizing specially crafted cookies. This vulnerability poses a serious risk, allowing unauthorized access to the device and potentially leading to further exploits. Users are strongly advised to implement security measures immediately to mitigate the risks associated with this flaw.",Totolink,A830r Firmware,9.8,CRITICAL,0.008310000412166119,false,,false,false,false,,,false,false,,2023-01-27T00:00:00.000Z,0
CVE-2022-28935,https://securityvulnerability.io/vulnerability/CVE-2022-28935,Command Injection Vulnerability in Totolink Routers,"Several Totolink router models are susceptible to a command injection vulnerability that allows an attacker to execute arbitrary commands on the affected devices. This flaw potentially compromises network integrity and may enable unauthorized access, affecting the overall security posture of devices connected to these routers.",Totolink,A830r Firmware,7.2,HIGH,0.01334999967366457,false,,false,false,false,,,false,false,,2022-07-06T12:24:38.000Z,0
CVE-2022-26214,https://securityvulnerability.io/vulnerability/CVE-2022-26214,"Command Injection Flaw in Totolink Routers A830R, A3100R, A950RG, A800R, A3000RU, A810R","The command injection vulnerability in specific Totolink router models allows attackers to exploit the NTPSyncWithHost function. By manipulating the host_time parameter, attackers can execute arbitrary commands, potentially compromising the security of the device and the network it is connected to. It is crucial for users of these devices to implement patches and security measures to mitigate this risk.",Totolink,A830r Firmware,9.8,CRITICAL,0.008410000242292881,false,,false,false,false,,,false,false,,2022-03-15T21:56:18.000Z,0
CVE-2022-26211,https://securityvulnerability.io/vulnerability/CVE-2022-26211,Command Injection Vulnerability in Totolink Routers,"Several Totolink router models, including A830R and A3100R, are susceptible to a command injection vulnerability in the CloudACMunualUpdate function. This issue arises from improper handling of the deviceMac and deviceName parameters, allowing attackers to send specially crafted requests that execute arbitrary commands on the affected devices. Network administrators should take immediate steps to secure their routers by applying the latest firmware updates and reviewing their configuration for potential exploits.",Totolink,A830r Firmware,9.8,CRITICAL,0.01558000035583973,false,,false,false,false,,,false,false,,2022-03-15T21:56:17.000Z,0
CVE-2022-26212,https://securityvulnerability.io/vulnerability/CVE-2022-26212,Command Injection Vulnerability in Totolink Routers,"Multiple models of Totolink routers have been found to possess a command injection vulnerability within the setDeviceName function. Attackers can exploit this vulnerability by sending specially crafted requests that manipulate the deviceMac and deviceName parameters, enabling them to execute arbitrary commands on the affected devices. This security flaw can lead to unauthorized access and severe impacts on the network's integrity.",Totolink,A830r Firmware,9.8,CRITICAL,0.01558000035583973,false,,false,false,false,,,false,false,,2022-03-15T21:56:17.000Z,0
CVE-2022-26210,https://securityvulnerability.io/vulnerability/CVE-2022-26210,Command Injection Vulnerability in Totolink Routers,"Certain models of Totolink routers, including the A830R, A3100R, A950RG, A800R, A3000RU, and A810R, are susceptible to a command injection vulnerability via the setUpgradeFW function. By exploiting the vulnerability through a specially crafted request targeting the FileName parameter, attackers can execute arbitrary commands on the affected devices, potentially compromising network security. It is critical for users of these routers to implement immediate patches and monitor for unusual activity to protect their systems.",Totolink,A830r Firmware,9.8,CRITICAL,0.01558000035583973,false,,false,false,false,,,false,false,,2022-03-15T21:56:16.000Z,0
CVE-2022-26209,https://securityvulnerability.io/vulnerability/CVE-2022-26209,Command Injection in Totolink Routers,"Totolink routers, specifically models A830R, A3100R, A950RG, A800R, A3000RU, and A810R, contain a command injection vulnerability in the setUploadSetting function. This vulnerability can be exploited by attackers through the FileName parameter, enabling them to execute arbitrary commands by sending specially crafted requests. As such, it poses a significant risk to the integrity and security of the affected devices.",Totolink,A830r Firmware,9.8,CRITICAL,0.01558000035583973,false,,false,false,false,,,false,false,,2022-03-15T21:56:16.000Z,0
CVE-2022-26208,https://securityvulnerability.io/vulnerability/CVE-2022-26208,Command Injection Vulnerability in Totolink Routers and Access Points,"Totolink routers and access points, including models A830R, A3100R, A950RG, A800R, A3000RU, and A810R, have been found to be susceptible to a command injection vulnerability. This issue arises in the 'setWebWlanIdx' function when the 'webWlanIdx' parameter is improperly validated, allowing attackers to execute arbitrary commands by sending specially crafted requests. The exploitation of this vulnerability can lead to unauthorized access and compromised network integrity, posing significant risks to both users and network administrators.",Totolink,A830r Firmware,9.8,CRITICAL,0.007809999864548445,false,,false,false,false,,,false,false,,2022-03-15T21:56:14.000Z,0
CVE-2022-26207,https://securityvulnerability.io/vulnerability/CVE-2022-26207,Command Injection Vulnerability in Totolink Products,"Certain Totolink routers are affected by a command injection vulnerability found in the setDiagnosisCfg function, specifically through the manipulation of the ipDomain parameter. This security flaw permits malicious actors to execute arbitrary commands on the affected devices via specially crafted requests, potentially leading to unauthorized access or control over the devices.",Totolink,A830r Firmware,9.8,CRITICAL,0.01558000035583973,false,,false,false,false,,,false,false,,2022-03-15T21:56:14.000Z,0
CVE-2022-26206,https://securityvulnerability.io/vulnerability/CVE-2022-26206,Command Injection in Totolink Routers Affecting Multiple Models,"Totolink routers, including models A830R, A3100R, A950RG, A800R, A3000RU, and A810R, have been identified to contain a command injection vulnerability within the setLanguageCfg function. An attacker can exploit this vulnerability via the langType parameter, enabling them to execute arbitrary commands through specially crafted requests. This flaw poses significant risks to the integrity and security of the devices, potentially allowing unauthorized access and control.",Totolink,A830r Firmware,9.8,CRITICAL,0.01558000035583973,false,,false,false,false,,,false,false,,2022-03-15T21:56:13.000Z,0
CVE-2022-25080,https://securityvulnerability.io/vulnerability/CVE-2022-25080,Command Injection Vulnerability in TOTOLink A830R Router,"TOTOLink A830R routers have a command injection vulnerability within the 'Main' function that allows attackers to send specially crafted requests through the QUERY_STRING parameter. Exploiting this flaw can enable unauthorized execution of arbitrary commands on the device, posing significant security risks to users and their networks.",Totolink,A830r Firmware,9.8,CRITICAL,0.00546000013127923,false,,false,false,false,,,false,false,,2022-02-24T15:15:00.000Z,0