CVE-2022-36456 TOTOLink A720R V4.1.5cu.532_B20210610 has a command injection vulnerability via the username parameter in /cstecgi.cgi.

A remote attacker can exploit this flaw to execute arbitrary code on the system. This attack can be prevented by ensuring that input validation is applied to the username parameter in /cstecgi.cgi. A total of 2 products have been discovered to be vulnerable with RedPanda reporting 1 and TOTOLink reporting 1.
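The input validation mentioned above can be sketched as an allow-list check, shown here as an added example that is not TOTOLink's firmware code. The length limit, the permitted character set, and the helper path and option are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 32 /* assumed limit, not taken from the firmware */

/* Allow-list check: 1..USERNAME_MAX bytes of [A-Za-z0-9._@-], and no leading
 * '-' so the value can never be read as a command-line option. */
int username_is_safe(const char *s)
{
    if (s == NULL)
        return 0;
    size_t n = strlen(s);
    if (n == 0 || n > USERNAME_MAX || s[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') ||
                 c == '.' || c == '_' || c == '@' || c == '-';
        if (!ok)
            return 0; /* rejects ; | & $ backtick, quotes, spaces, newlines */
    }
    return 1;
}

/* Build an argument vector for execv()-style invocation so that no shell
 * ever parses the value. The helper path and option are hypothetical. */
int build_helper_argv(const char *username, const char *argv[4])
{
    if (!username_is_safe(username))
        return -1;
    argv[0] = "/usr/sbin/example-helper";
    argv[1] = "--user";
    argv[2] = username;
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "admin", "guest_01", "admin;id", "a b", "-h", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> %s\n", samples[i],
               username_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Rejecting anything outside the allow-list, rather than stripping known-bad characters, keeps the check correct even for metacharacters the developer did not anticipate.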

CVE-2018-1316 RedPanda discovered a flaw in the handling of command arguments in the /get_file_details endpoint. If a user passes a maliciously crafted request to this endpoint, a remote attacker can exploit this flaw to cause a denial of service condition.

CVE-2018-1317 TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to be vulnerable to a reflected SQL injection issue. A remote attacker can exploit this flaw to access sensitive information.

CVE-2018-1318 TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to be vulnerable to a SQL injection issue. A remote attacker can exploit this flaw to access sensitive information.

CVE-2018-1319 TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to have a XSS issue. A remote attacker can exploit this flaw to inject malicious code into web traffic.

CVE-2018-1320 TOTOLink A720R V

Some of the products have been discovered to have vulnerabilities, which were published as CVE entries.

Timeline

Published on: 08/25/2022 14:15:00 UTC
Last modified on: 08/26/2022 05:38:00 UTC
