TOTOLINK.Router.Cstecgi.Command.Injection

Description

This indicates an attempt to exploit a command injection vulnerability in TOTOLINK routers.
The vulnerability is due to insufficient sanitization of user-supplied input in the application. An unauthenticated remote attacker may be able to exploit this to execute arbitrary commands within the context of the application.

Affected Products

Totolink N600R V4.3.0cu.7570_B20200620
Totolink A830R V5.9c.4729_B20191112
Totolink A3100R V4.1.2cu.5050_B20200504
Totolink A950RG V4.1.2cu.5161_B20200903
Totolink A800R V4.1.2cu.5137_B20200730
Totolink A3000RU V5.9c.5185_B20201128
Totolink A810R V4.1.2cu.5182_B20201026

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor-supplied patch for this issue.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-03-19 27.751 Name:Totolink.Router.Cstecgi.Command.Injection:TOTOLINK.Router.Cstecgi.Command.Injection
2023-07-18 25.604 Sig Added
2023-07-18 25.603 Sig Added
2023-07-18 25.602 Sig Added
2022-12-06 22.452 Sig Added
2022-06-06 21.332 Default_action:pass:drop
2022-05-17 20.317 Sig Added
2022-05-10 20.313