Access Control Vulnerability in TOTOLINK A7000R Router
CVE-2022-32993

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: A7000r Firmware
Vendor: CVE Published:; 29 August 2022

Summary

The TOTOLINK A7000R router version V4.1cu.4134 has been identified with an access control vulnerability. This issue arises due to the improper handling of permissions through the ExportSettings.sh script located in the /cgi-bin/ directory. This flaw could allow unauthorized users to access sensitive settings and potentially modify the configuration of the router, elevating the risk of compromising the device's integrity and the security of the network it serves.

References

http://totolink.com

x_refsource_MISC

https://github.com/laotun-s/POC/blob/main/CVE-2022-32993.txt

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2022
Vulnerability Reserved
Jun 13, 2022