⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2022-38511

CWE-78OS Command InjectionCWE-77Command Injection4 documents4 sources
Severity
7.8HIGH
EPSS
0.4%
top 38.36%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Totolink A810r Firmware
Timeline
PublishedAug 29

Description

TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDtotolink/a810r_firmware5.9c.4050_b20190424

🔴Vulnerability Details

3
GHSA
GHSA-q686-qg49-f6hm: TOTOLINK A810R V52022-08-29
CVEList
CVE-2022-38511: TOTOLINK A810R V52022-08-28
VulnCheck
totolink a810r_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')2022
CVE-2022-38511 (HIGH CVSS 7.8) | TOTOLINK A810R V5.9c.4050_B20190424 | cvebase.io