CVEDB API

Vulnerabilities

Vulnerable Software

Totolink: >> Cp900 Firmware >> 6.3c.566_b20171026 Security Vulnerabilities

CVE-2022-28495

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS Score

9.8

EPSS Score

0.006

Published

2023-03-24

CVE-2022-28496

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS Score

9.8

EPSS Score

0.002

Published

2023-03-23

CVE-2022-28497

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS Score

9.8

EPSS Score

0.002

Published

2023-03-23

CVE-2022-28491

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS Score

9.8

EPSS Score

0.006

Published

2023-03-23

CVE-2022-28494

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS Score

9.8

EPSS Score

0.006

Published

2023-03-23

Page 1

Vulnerabilities

Vulnerable Software

Totolink: >> Cp900 Firmware >> 6.3c.566_b20171026 Security Vulnerabilities

Products

Pricing

Contact Us