Unrated severityNVD Advisory· Published Mar 15, 2022· Updated Aug 3, 2024
CVE-2022-26214
CVE-2022-26214
Description
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.
Affected products
2- Totolink/A830R, A3100R, A950RG, A800R, A3000RU, A810Rdescription
Patches
Vulnerability mechanics
References
1- github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.mdmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.