CVE-2022-32449

{"id": "CVE-2022-32449", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-07-07T19:15:08.350", "references": [{"url": "https://github.com/winmt/CVE/blob/main/TOTOLINK%20EX300_V2/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/winmt/my-vuls/tree/main/TOTOLINK%20EX300_V2", "source": "cve@mitre.org"}, {"url": "https://github.com/winmt/CVE/blob/main/TOTOLINK%20EX300_V2/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/winmt/my-vuls/tree/main/TOTOLINK%20EX300_V2", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet."}, {"lang": "es", "value": "Se ha detectado que TOTOLINK EX300_V2 versi\u00f3n V4.0.3c.7484, contiene una vulnerabilidad de inyecci\u00f3n de comandos por medio del par\u00e1metro langType en la funci\u00f3n setLanguageCfg. Esta vulnerabilidad es explotable por medio de un paquete de datos MQTT dise\u00f1ado"}], "lastModified": "2024-11-21T07:06:22.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:totolink:ex300_v2_firmware:4.0.3c.7484:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "803527FC-A921-40EB-BE58-2AAE37BEA697"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:totolink:ex300_v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2C7D15BE-D0FA-48C4-9752-F11255ABA2BA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}