- Description
- TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-78
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FFF9A60-5961-4F2F-9365-94C5DF7F8EDA"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "34981911-5839-430B-8008-EACFDFCEA2A1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC194AFC-2A93-45CC-8AC9-033A87953D70"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2F20C691-11F3-4882-89C7-500C097C0938"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]