exploitDog

CVE-2022-28491

Опубликовано: 23 мар. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Ссылки

https://github.com/B2eFly/CVE/blob/main/totolink/CP900/2/2.md
Exploit
Third Party Advisory
https://github.com/B2eFly/Router/blob/main/totolink/CP900/1/2.md
Broken Link
https://github.com/B2eFly/CVE/blob/main/totolink/CP900/2/2.md
Exploit
Third Party Advisory
https://github.com/B2eFly/Router/blob/main/totolink/CP900/1/2.md
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:totolink:cp900_firmware:6.3c.566_b20171026:*:*:*:*:*:*:*

cpe:2.3:h:totolink:cp900:-:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00809

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-5vvf-rpvx-7r4f

CVSS3: 9.8

github

почти 3 года назад

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

EPSS

Процентиль: 74%

0.00809

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78