» 2022 » 2월

CVE-2021-45082

Posted on 2022년 2월 19일2022년 2월 19일 by admin

CVE-2021-45082

An issue was discovered in Cobbler through 3.3.0. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

Source: CVE-2021-45082

CVE-2022-25137

Posted on 2022년 2월 19일2022년 2월 19일 by admin

CVE-2022-25137

A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

Source: CVE-2022-25137

CVE-2022-25131

Posted on 2022년 2월 19일2022년 2월 19일 by admin

CVE-2022-25131

A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

Source: CVE-2022-25131

CVE-2022-25130

Posted on 2022년 2월 19일2022년 2월 19일 by admin

CVE-2022-25130

A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

Source: CVE-2022-25130

CVE-2022-25133

Posted on 2022년 2월 19일2022년 2월 19일 by admin

CVE-2022-25133

A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

Source: CVE-2022-25133

CVE-2022-25132

Posted on 2022년 2월 19일2022년 2월 19일 by admin

CVE-2022-25132

A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

Source: CVE-2022-25132

CVE-2022-25135

Posted on 2022년 2월 19일2022년 2월 19일 by admin

CVE-2022-25135

A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

Source: CVE-2022-25135

CVE-2022-25134

Posted on 2022년 2월 19일2022년 2월 19일 by admin

CVE-2022-25134

A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

Source: CVE-2022-25134

CVE-2022-25136

Posted on 2022년 2월 19일2022년 2월 19일 by admin

CVE-2022-25136

A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

Source: CVE-2022-25136

CVE-2021-44302

Posted on 2022년 2월 19일2022년 2월 19일 by admin

CVE-2021-44302

BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php.

Source: CVE-2021-44302