CVE-2022-25082 PoC — TotoLink A950Rg OS Command Injection Vulnerability

Associated Vulnerability
Title: TotoLink A950Rg OS Command Injection Vulnerability (CVE-2022-25082)
Description: TOTOLINK A950RG is a next-generation Giga wireless router from the Chinese company Zioncom Electronics (TOTOLINK). TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
File Snapshot

id: CVE-2022-25082 info: name: TOTOLink - Unauthenticated Command Injection author: gy741 sev ...