Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25131 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
CVE-2022-25137 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
CVE-2022-25135 | 1 Totolink | 2 T6, T6 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
CVE-2022-25084 | 1 Totolink | 2 T6, T6 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2022-25136 | 1 Totolink | 4 T10, T10 Firmware, T6 and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet. |