Summaryinfo

A vulnerability described as critical has been identified in TOTOLINK NR1800X 9.1.0u.6279_B20210910. This affects the function setUssd. Executing a manipulation of the argument ussd can lead to command injection. This vulnerability is tracked as CVE-2022-44251. No exploit exists. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability classified as critical was found in TOTOLINK NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setUssd. The manipulation of the argument ussd with an unknown input leads to a command injection vulnerability. The CWE definition for the vulnerability is CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.

The weakness was disclosed 11/23/2022. The advisory is available at brief-nymphea-813.notion.site. This vulnerability was named CVE-2022-44251 since 10/30/2022. Technical details are known, but there is no available exploit. This vulnerability is assigned to T1202 by the MITRE ATT&CK project.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• TOTOLINK

Name

• NR1800X

Version

• 9.1.0u.6279_B20210910

License

• commercial

Website

• Vendor: https://www.totolink.net/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion