CVE-2022-48066

CWE-287Improper AuthenticationCWE-863Incorrect Authorization3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.6%
top 29.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink A830r Firmware
Timeline
PublishedJan 27

Description

An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtotolink/a830r_firmware4.1.2cu.5182

🔴Vulnerability Details

2
CVEList
CVE-2022-48066: An issue in the component global2023-01-27
GHSA
GHSA-5jfh-7xpv-w2pp: An issue in the component global2023-01-27
CVE-2022-48066 (CRITICAL CVSS 9.8) | An issue in the component global.so | cvebase.io