CVE-2022-25084
published 2022-02-24CVE-2022-25084: TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to…
PriorityP187critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
24.84%
97.6th percentile
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| totolink | t6_firmware | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-77jc-q8hg-fhfv: TOTOLink T6 V5
ghsa_unreviewed·2022-02-25
CVE-2022-25084 [CRITICAL] CWE-77 GHSA-77jc-q8hg-fhfv: TOTOLink T6 V5
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
VulnCheck
totolink t6_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2022·CVSS 9.8
CVE-2022-25084 [CRITICAL] totolink t6_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
totolink t6_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
Affected: totolink t6_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.fortinet.com/blog/threat-research/totolink-vulnerabilities-beastmode-mirai-campaign; https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet; https://www.fortinet.com/blog/threat-research/Iz1h9-campaign-enha
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Mirai DDoS malware variant expands targets with 13 router exploits
blogs_bleepingcomputer·2023-10-10·CVSS 9.8
[CRITICAL] Mirai DDoS malware variant expands targets with 13 router exploits
## Mirai DDoS malware variant expands targets with 13 router exploits
## Bill Toulas
A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others.
Fortinet researchers report observing a peak in the exploitation rates around the first week of September, reaching tens of thousands of exploitation attempts against vulnerable devices.
IZ1H9 compromises devices to enlist them to its DDoS swarm and then launches DDoS attacks on specified targets, presumably on the order of clients renting its firepower.
## Extensive IoT targeting
The more devices and vulnerabilities targeted by a DDoS malware increased the potential to build a large and powerful
Fortinet
2022 IoT Threat Review | FortiGuard Labs
blogs_fortinet·2023-01-13·CVSS 8.8
[HIGH] 2022 IoT Threat Review | FortiGuard Labs
FORTIGUARD LABS THREAT RESEARCH
2022 IoT Threat Review
By Eduardo Altares, Joie Salvio and Roy Tay | January 13, 2023
FortiGuard Labs monitors the IoT botnet threat landscape for new and emerging campaigns. We do this with the assistance of our honeypots we have deployed to capture active attacks in the wild. This article provides insights into the data collected from our monitoring system over the past year.
Affected Platforms: Linux
Impacted Users: Any organization
Impact: Remote attackers gain control of the vulnerable systems
Severity Level: Critical
Attack Origins
Our distributed honeypot systems allow us to capture and monitor campaigns that are actively targeting IoT devices for infection. In most cases, these devices are turned into bots used to perform Distributed Denial o
2022-02-24
Published
Exploited in the wild