CVE-2022-36459: OS Command Injection
First published: Thu Aug 25 2022(Updated: )
TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink A3700R Firmware | =9.1.2u.6134_b20201202 | |
| Totolink A3700R Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the TOTOLINK A3700R vulnerability?
The vulnerability ID of the TOTOLINK A3700R vulnerability is CVE-2022-36459.
What is the severity of CVE-2022-36459?
The severity of CVE-2022-36459 is high with a CVSS score of 7.8.
How does the TOTOLINK A3700R vulnerability occur?
The TOTOLINK A3700R vulnerability occurs through a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.
What software version is affected by CVE-2022-36459?
The Totolink A3700r Firmware version 9.1.2u.6134_b20201202 is affected by CVE-2022-36459.
Is the TOTOLINK A3700R device vulnerable to CVE-2022-36459?
No, the TOTOLINK A3700R device is not vulnerable to CVE-2022-36459.
- agent/author
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/totolink
- canonical/totolink a3700r firmware
- version/totolink a3700r firmware/9.1.2u.6134_b20201202