CVE-2022-25078: OS Command Injection
First published: Tue Feb 22 2022(Updated: )
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink A3600r Firmware | =4.1.2cu.5182_b20201102 | |
| Totolink A3600r Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this TOTOLink A3600R vulnerability?
The vulnerability ID for this TOTOLink A3600R vulnerability is CVE-2022-25078.
What is the severity of CVE-2022-25078?
The severity of CVE-2022-25078 is critical with a CVSS score of 9.8.
What is the affected software version of CVE-2022-25078?
The affected software version of CVE-2022-25078 is Totolink A3600R Firmware 4.1.2cu.5182_B20201102.
How can attackers exploit CVE-2022-25078?
Attackers can exploit CVE-2022-25078 by executing arbitrary commands via the QUERY_STRING parameter.
Is there a fix available for CVE-2022-25078?
Please refer to the given reference link for details on how to fix CVE-2022-25078.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/totolink
- canonical/totolink a3600r firmware
- version/totolink a3600r firmware/4.1.2cu.5182_b20201102