exploitDog

GHSA-5vvf-rpvx-7r4f

Опубликовано: 23 мар. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Ссылки

EPSS

Процентиль: 74%

0.00809

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-77

Связанные уязвимости

CVE-2022-28491

CVSS3: 9.8

nvd

почти 3 года назад

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

EPSS

Процентиль: 74%

0.00809

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-77