exploitDog

GHSA-42rh-j929-h8h4

Опубликовано: 20 фев. 2022

Источник: github

Github: Не прошло ревью

Описание

A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

Ссылки

EPSS

Процентиль: 89%

0.0446

Низкий

CVE ID

Дефекты

CWE-77

Связанные уязвимости

CVE-2022-25132

CVSS3: 9.8

nvd

почти 4 года назад

A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

EPSS

Процентиль: 89%

0.0446

Низкий

CVE ID

Дефекты

CWE-77