CVE-2022-25076

GPTKB entity

Statements (23)
Predicate Object
gptkbp:instanceOf CVE Identifier
gptkbp:affects gptkb:TOTOLINK_A3002R
gptkb:TOTOLINK_A7000R
gptkb:TOTOLINK_A800R
gptkb:TOTOLINK_A950RG
gptkbp:describes TOTOLINK routers A3002R, A7000R, A800R, and A950RG allow remote attackers to execute arbitrary code via a crafted POST request to the /cgi-bin/cstecgi.cgi endpoint.
gptkbp:exploits Yes
gptkbp:hasAttackVector gptkb:network_protocol
gptkbp:hasCVSSScore 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
gptkbp:hasCWE gptkb:CWE-78
gptkbp:hasImpactAvailability High
gptkbp:hasImpactConfidentiality High
gptkbp:hasImpactIntegrity High
gptkbp:hasPrivilegesRequired nan
gptkbp:hasUserInteraction nan
https://www.w3.org/2000/01/rdf-schema#label CVE-2022-25076
gptkbp:publicDisclosure 2022-02-18
gptkbp:referencedIn https://github.com/0xf4n9x/CVE-2022-25076
https://nvd.nist.gov/vuln/detail/CVE-2022-25076
gptkbp:vulnerableTo Remote Code Execution
gptkbp:bfsParent gptkb:MHCHAOS
gptkbp:bfsLayer 6