Statements (23)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:CVE_Identifier
|
| gptkbp:affects |
gptkb:TOTOLINK_A3002R
gptkb:TOTOLINK_A7000R gptkb:TOTOLINK_A800R gptkb:TOTOLINK_A950RG |
| gptkbp:describes |
TOTOLINK routers A3002R, A7000R, A800R, and A950RG allow remote attackers to execute arbitrary code via a crafted POST request to the /cgi-bin/cstecgi.cgi endpoint.
|
| gptkbp:exploits |
Yes
|
| gptkbp:hasAttackVector |
gptkb:network_protocol
|
| gptkbp:hasCVSSScore |
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| gptkbp:hasCWE |
gptkb:CWE-78
|
| gptkbp:hasImpactAvailability |
High
|
| gptkbp:hasImpactConfidentiality |
High
|
| gptkbp:hasImpactIntegrity |
High
|
| gptkbp:hasPrivilegesRequired |
None
|
| gptkbp:hasUserInteraction |
None
|
| gptkbp:publicDisclosure |
2022-02-18
|
| gptkbp:referencedIn |
https://github.com/0xf4n9x/CVE-2022-25076
https://nvd.nist.gov/vuln/detail/CVE-2022-25076 |
| gptkbp:vulnerableTo |
Remote Code Execution
|
| gptkbp:bfsParent |
gptkb:MHCHAOS
|
| gptkbp:bfsLayer |
6
|
| https://www.w3.org/2000/01/rdf-schema#label |
CVE-2022-25076
|