B2eFly/CVE

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-28495 ↗	Mar 24, 2023Friday, 24 March 2023, 14:15	9.8 CRITICAL	—
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-28491 ↗	Mar 23, 2023Thursday, 23 March 2023, 15:15	9.8 CRITICAL	—
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-28492 ↗	Mar 23, 2023Thursday, 23 March 2023, 14:15	9.8 CRITICAL	—
TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login.
CVE-2022-28494 ↗	Mar 23, 2023Thursday, 23 March 2023, 01:15	9.8 CRITICAL	—
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.