CVE-2022-25075 A command injection vulnerability was found in A3000RU V5.9c.2280_B20180512.

An attacker can exploit this command injection vulnerability to execute arbitrary code on the affected device or obtain sensitive information. This issue is commonly exploited by hackers in order to compromise an affected device and obtain access to critical functions such as email, web, and FTP servers. TOTOLink A3000RU V5.9c.2280_B20180512 is vulnerable on all major operating systems such as Windows, Linux, and Mac OS.

Recommendations: Upgrade to latest version. Install an antivirus to prevent malware from exploiting this vulnerability. For security personnel, receive an accurate forensic analysis of your network to detect vulnerable devices and safeguard against future attacks.

TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. An attacker can exploit this command injection vulnerability to execute arbitrary code on the affected device or obtain sensitive information. This issue is commonly exploited by hackers in order to compromise an affected device and obtain access to critical functions such as email, web, and FTP servers. TOTOLink A3000RU V5.9c.2280_B20180512 is vulnerable on all major operating systems such as Windows, Linux, and Mac OS.

TOTOLink A3000RU V5.9c.2280_B20180512 is vulnerable on all major operating systems such as Windows, Linux, and Mac OS.

This vulnerability affects the following functions:
- Main
- File Transfer
- FTP
- Web server
- Email Server

TOTOLink A3000RU V5.9c.2280_B20180512 is a router manufactured by TOTOLink and was released on May 12, 2018. This device is only supported by the manufacturer.
The latest release of this product, TOTOLink A3000RU V5.9c.2280_B20180512, contains an undisclosed critical vulnerability that allows attackers to execute arbitrary commands via the QUERY_STRING parameter. An attacker can exploit this command injection vulnerability to execute arbitrary code on the affected device or obtain sensitive information. This issue is commonly exploited by hackers in order to compromise an affected device and obtain access to critical functions such as email, web, and FTP servers. TOTOLink A3000RU V5.9c.2280_B20180512 is vulnerable on all major operating systems such as Windows, Linux, and Mac OS.

TOTOLink A3000RU V5.9c.2280_B20180512 is a networking device manufactured by TOTOLink Technologies and distributed by TOTOLink Technologies as part of the TOTOLink Central Software. The vulnerable software version is B20180512, which was released on May 12th, 2018.
TOTOLink A3000RU V5.9c.2280_B20180512 contains 1 vulnerability at CVE-2022-25075 that can be exploited by an attacker to exploit the system and execute arbitrary code on the device or obtain sensitive information such as email, web, and FTP servers.

TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. An attacker can exploit this command injection vulnerability to execute arbitrary code on the affected device or obtain sensitive information. This issue is commonly exploited by hackers in order to compromise an affected device and obtain access to critical functions such as email, web, and FTP servers. TOTOLink A3000RU V5.9c.2280_B20180512 is vulnerable on all major operating systems such as Windows, Linux, and Mac OS.

Timeline

Published on: 02/24/2022 15:15:00 UTC
Last modified on: 03/02/2022 18:42:00 UTC

References