Security Vulnerabilities - CVEs Published In February 2022
TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.551
Published
2022-02-24
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.061
Published
2022-02-24
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.061
Published
2022-02-24
TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.061
Published
2022-02-24
TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.061
Published
2022-02-24
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.852
Published
2022-02-24
TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.061
Published
2022-02-24
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.833
Published
2022-02-24
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-02-24
A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-02-24