What is CVE-2022-29639?

CVE-2022-29639 refers to a command injection vulnerability found in TOTOLINK A3100R firmware versions 4.1.2cu.5050_B20200504 and 4.1.2cu.5247_B20211129.

How severe is CVE-2022-29639?

CVE-2022-29639 has a severity rating of 8.1, which is classified as critical.

How does CVE-2022-29639 affect TOTOLINK A3100R?

CVE-2022-29639 allows an attacker to inject malicious commands via the 'magicid' parameter in the uci_cloudupdate_config function of TOTOLINK A3100R firmware versions 4.1.2cu.5050_B20200504 and 4.1.2cu.5247_B20211129.

Is TOTOLINK A3100R firmware version 4.1.2cu.5050_B20200504 vulnerable?

Yes, TOTOLINK A3100R firmware version 4.1.2cu.5050_B20200504 is vulnerable to the command injection vulnerability (CVE-2022-29639).

Is there a fix for CVE-2022-29639?

Currently, there is no official fix available for CVE-2022-29639. It is recommended to update to a patched version as soon as it is released by the vendor.

Vulnerability/
CVE-2022-29639

critical

9.3

CWE

18/5/2022

3/8/2024

CVE-2022-29639: Command Injection

First published: Wed May 18 2022(Updated: )

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Totolink A3100r Firmware	=4.1.2cu.5050_b20200504
Totolink A3100r Firmware	=4.1.2cu.5247_b20211129
TOTOLink A3100R

Never miss a vulnerability like this again

Reference Links

https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/1.md

Frequently Asked Questions

What is CVE-2022-29639?
CVE-2022-29639 refers to a command injection vulnerability found in TOTOLINK A3100R firmware versions 4.1.2cu.5050_B20200504 and 4.1.2cu.5247_B20211129.
How severe is CVE-2022-29639?
CVE-2022-29639 has a severity rating of 8.1, which is classified as critical.
How does CVE-2022-29639 affect TOTOLINK A3100R?
CVE-2022-29639 allows an attacker to inject malicious commands via the 'magicid' parameter in the uci_cloudupdate_config function of TOTOLINK A3100R firmware versions 4.1.2cu.5050_B20200504 and 4.1.2cu.5247_B20211129.
Is TOTOLINK A3100R firmware version 4.1.2cu.5050_B20200504 vulnerable?
Yes, TOTOLINK A3100R firmware version 4.1.2cu.5050_B20200504 is vulnerable to the command injection vulnerability (CVE-2022-29639).
Is there a fix for CVE-2022-29639?
Currently, there is no official fix available for CVE-2022-29639. It is recommended to update to a patched version as soon as it is released by the vendor.

collector/nvd-api
collector/nvd-index
agent/references
agent/severity
agent/author
agent/weakness
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/totolink
canonical/totolink a3100r firmware
version/totolink a3100r firmware/4.1.2cu.5050_b20200504
version/totolink a3100r firmware/4.1.2cu.5247_b20211129
canonical/totolink a3100r

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.