admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-324xx/CVE-2022-32449.json
cad-safe-bot 525ecb0f67 Auto-Update: 2023-08-02T02:00:31.995702+00:00
2023-08-02 02:00:35 +00:00

121 lines
3.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-32449",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-07-07T19:15:08.350",
"lastModified": "2023-08-02T00:15:15.913",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet."
},
{
"lang": "es",
"value": "Se ha detectado que TOTOLINK EX300_V2 versi\u00f3n V4.0.3c.7484, contiene una vulnerabilidad de inyecci\u00f3n de comandos por medio del par\u00e1metro langType en la funci\u00f3n setLanguageCfg. Esta vulnerabilidad es explotable por medio de un paquete de datos MQTT dise\u00f1ado"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:ex300_v2_firmware:4.0.3c.7484:*:*:*:*:*:*:*",
"matchCriteriaId": "803527FC-A921-40EB-BE58-2AAE37BEA697"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:ex300_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7D15BE-D0FA-48C4-9752-F11255ABA2BA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/winmt/CVE/blob/main/TOTOLINK%20EX300_V2/README.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/winmt/my-vuls/tree/main/TOTOLINK%20EX300_V2",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink