CVE-2022-28935

{"id": "CVE-2022-28935", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-07-06T13:15:09.400", "references": [{"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://drive.google.com/drive/folders/1JNX74lNgC3U9pnrcNlGo0hsDGZzF6h7F?usp=sharing", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability."}, {"lang": "es", "value": "Totolink A830R versi\u00f3n V5.9c.4729_B20191112, Totolink A3100R versi\u00f3n V4.1.2cu.5050_B20200504, Totolink A950RG versi\u00f3n V4.1.2cu.5161_B20200903, Totolink A800R versi\u00f3n V4.1.2cu.5137 B20200730, Totolink A3000RU versi\u00f3n V5.9c.5185_B20201128, Totolink A810R versi\u00f3n V4.1.2cu.5182_B20201026, Ha sido detectado que conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos"}], "lastModified": "2022-07-14T01:36:50.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1751A6D0-CD32-4035-94B0-6085272AB214"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:totolink:a830r_firmware:5.9c.4729_b20191112:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCB860A4-250F-43CD-90F6-E97D9FF4D595"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40729E79-9D89-440F-B38D-E62D310E27F9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5050_b20200504:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BD0B6FC-5C4F-4547-883D-7B9C03B45523"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64FA78CC-AB0C-4D86-964B-1A91C747BA8A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA5FEC23-3370-4C1F-96C1-C1287FCCB07B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E79C3048-8804-410F-BFFC-8878FFE2DF8A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FD355C8B-CA00-4093-BB2A-D3EC6EC64053"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79DE76F9-7FFB-4862-AD73-BD2ACA15EBAB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}