CVE-2022-25133

A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:t6_firmware:v4.1.5cu.748_b20211015:*:*:*:*:*:*:*
cpe:2.3:h:totolink:t6:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:51

Type Values Removed Values Added
References () https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_20/20.md - Broken Link, Third Party Advisory () https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_20/20.md - Broken Link, Third Party Advisory

Information

Published : 2022-02-19 00:15

Updated : 2024-11-21 06:51


NVD link : CVE-2022-25133

Mitre link : CVE-2022-25133

CVE.ORG link : CVE-2022-25133


JSON object : View

Products Affected

totolink

  • t6
  • t6_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')