CVE-2022-25132
published 2022-02-19CVE-2022-25132: A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| totolink | t10_firmware | — | — |
| totolink | t6_firmware | — | — |