What is CVE-2022-26206?

CVE-2022-26206 is a command injection vulnerability found in Totolink A830R, A3100R, A950RG, A800R, A3000RU, and A810R firmware.

What is the severity of CVE-2022-26206?

CVE-2022-26206 has a severity rating of 9.8, which is considered critical.

How do I fix CVE-2022-26206?

There is currently no known fix for CVE-2022-26206. It is recommended to contact the vendor for updates or mitigations.

How can the command injection vulnerability in Totolink firmware be exploited?

The command injection vulnerability in Totolink firmware can be exploited by sending specially crafted requests to the vulnerable device, allowing an attacker to execute arbitrary commands.

Where can I find more information about CVE-2022-26206?

More information about CVE-2022-26206 can be found at the following link: [github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md](github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md)

Vulnerability/
CVE-2022-26206

critical

9.8

CWE

78 77

15/3/2022

3/8/2024

CVE-2022-26206: OS Command Injection

First published: Tue Mar 15 2022(Updated: )

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Totolink A830r Firmware	=5.9c.4729_b20191112
Totolink A830R
Totolink A3100r Firmware	=4.1.2cu.5050_b20200504
TOTOLink A3100R
Totolink A950rg Firmware	=4.1.2cu.5161_b20200903
TOTOLink A950RG
Totolink A800r Firmware	=4.1.2cu.5137_b20200730
TOTOLink A800R
Totolink A3000ru Firmware	=5.9c.5185_b20201128
TOTOLink A3000RU
Totolink A810r Firmware	=4.1.2cu.5182_b20201026
TOTOLINK A810R

Never miss a vulnerability like this again

Reference Links

https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md

Frequently Asked Questions

What is CVE-2022-26206?
CVE-2022-26206 is a command injection vulnerability found in Totolink A830R, A3100R, A950RG, A800R, A3000RU, and A810R firmware.
What is the severity of CVE-2022-26206?
CVE-2022-26206 has a severity rating of 9.8, which is considered critical.
How do I fix CVE-2022-26206?
There is currently no known fix for CVE-2022-26206. It is recommended to contact the vendor for updates or mitigations.
How can the command injection vulnerability in Totolink firmware be exploited?
The command injection vulnerability in Totolink firmware can be exploited by sending specially crafted requests to the vulnerable device, allowing an attacker to execute arbitrary commands.
Where can I find more information about CVE-2022-26206?
More information about CVE-2022-26206 can be found at the following link: [github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md](github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_27/27.md)

collector/nvd-api
collector/nvd-index
agent/event
agent/severity
agent/weakness
agent/references
agent/author
agent/type
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/totolink
canonical/totolink a830r firmware
version/totolink a830r firmware/5.9c.4729_b20191112
canonical/totolink a830r
canonical/totolink a3100r firmware
version/totolink a3100r firmware/4.1.2cu.5050_b20200504
canonical/totolink a3100r
canonical/totolink a950rg firmware
version/totolink a950rg firmware/4.1.2cu.5161_b20200903
canonical/totolink a950rg
canonical/totolink a800r firmware
version/totolink a800r firmware/4.1.2cu.5137_b20200730
canonical/totolink a800r
canonical/totolink a3000ru firmware
version/totolink a3000ru firmware/5.9c.5185_b20201128
canonical/totolink a3000ru
canonical/totolink a810r firmware
version/totolink a810r firmware/4.1.2cu.5182_b20201026
canonical/totolink a810r