First published: Tue Mar 15 2022(Updated: )
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Totolink A830r Firmware | =5.9c.4729_b20191112 | |
Totolink A830R | ||
Totolink A3100r Firmware | =4.1.2cu.5050_b20200504 | |
TOTOLink A3100R | ||
Totolink A950rg Firmware | =4.1.2cu.5161_b20200903 | |
TOTOLink A950RG | ||
Totolink A800r Firmware | =4.1.2cu.5137_b20200730 | |
TOTOLink A800R | ||
Totolink A3000ru Firmware | =5.9c.5185_b20201128 | |
TOTOLink A3000RU | ||
Totolink A810r Firmware | =4.1.2cu.5182_b20201026 | |
TOTOLINK A810R |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-26212 is a command injection vulnerability found in Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026.
CVE-2022-26212 has a severity score of 9.8, which is considered critical.
CVE-2022-26212 affects Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026.
To fix CVE-2022-26212, it is recommended to update the firmware of Totolink A830R, A3100R, A950RG, A800R, A3000RU, and A810R to a secure version.
You can find more information about CVE-2022-26212 at the following link: [link](https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_26/26.md)