Totolink A7100Ru Firmware vulnerabilities

CVE-2022-48121 [CRITICAL] CWE-78 CVE-2022-48121: TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.

CVE-2022-48125 [CRITICAL] CWE-78 CVE-2022-48125: TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.

CVE-2022-48124 [CRITICAL] CWE-78 CVE-2022-48124: TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.

CVE-2022-47853 [CRITICAL] CWE-78 CVE-2022-47853: TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.

CVE-2022-46631 [CRITICAL] CWE-78 CVE-2022-46631: TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.

CVE-2022-46634 [CRITICAL] CWE-78 CVE-2022-46634: TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.

CVE-2022-44843 [CRITICAL] CWE-78 CVE-2022-44843: TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.

CVE-2022-44844 [CRITICAL] CWE-78 CVE-2022-44844: TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.

CVE-2022-28578 [CRITICAL] CWE-78 CVE-2022-28578: It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOli It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28575 [CRITICAL] CWE-78 CVE-2022-28575: It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload

CVE-2022-28584 [CRITICAL] CWE-78 CVE-2022-28584: It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTO It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28583 [CRITICAL] CWE-78 CVE-2022-28583: It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOli It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28579 [CRITICAL] CWE-78 CVE-2022-28579: It is found that there is a command injection vulnerability in the setParentalRules interface in TOT It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28577 [CRITICAL] CWE-78 CVE-2022-28577: It is found that there is a command injection vulnerability in the delParentalRules interface in TOT It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28582 [CRITICAL] CWE-78 CVE-2022-28582: It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOT It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28581 [CRITICAL] CWE-78 CVE-2022-28581: It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in T It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28580 [CRITICAL] CWE-78 CVE-2022-28580: It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOT It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.