Sign-up

ID

VAR-202210-0121


CVE

CVE-2022-41525


TITLE

TOTOLINK  of  nr1800x  in the firmware  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-018556

DESCRIPTION

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. TOTOLINK of nr1800x The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE (broadband access equipment) launched by China's TOTOLINK Electronics. It is primarily designed for deploying NR fixed data services in homes and offices and supports 5G NR network connections. This vulnerability could allow an attacker to execute arbitrary commands

Trust: 2.16

sources: NVD: CVE-2022-41525 // JVNDB: JVNDB-2022-018556 // CNVD: CNVD-2025-21019

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-21019

AFFECTED PRODUCTS

vendor:totolinkmodel:nr1800xscope:eqversion:9.1.0u.6279_b20210910

Trust: 1.0

vendor:totolinkmodel:nr1800xscope: - version: -

Trust: 0.8

vendor:totolinkmodel:nr1800xscope:eqversion:nr1800x firmware 9.1.0u.6279 b20210910

Trust: 0.8

vendor:totolinkmodel:nr1800xscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:nr1800x v9.1.0u.6279 b20210910scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-21019 // JVNDB: JVNDB-2022-018556 // NVD: CVE-2022-41525

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-41525
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-41525
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-21019
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202210-187
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2025-21019
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-41525
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-41525
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-21019 // CNNVD: CNNVD-202210-187 // JVNDB: JVNDB-2022-018556 // NVD: CVE-2022-41525

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018556 // NVD: CVE-2022-41525

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-187

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202210-187

EXTERNAL IDS

db:NVDid:CVE-2022-41525

Trust: 3.8

db:JVNDBid:JVNDB-2022-018556

Trust: 0.8

db:CNVDid:CNVD-2025-21019

Trust: 0.6

db:CNNVDid:CNNVD-202210-187

Trust: 0.6

sources: CNVD: CNVD-2025-21019 // CNNVD: CNNVD-202210-187 // JVNDB: JVNDB-2022-018556 // NVD: CVE-2022-41525

REFERENCES

url:https://brief-nymphea-813.notion.site/nr1800x-command-injection-setopmodecfg-7b10868ba53544148d9aa3100b5df5cc

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-41525

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-41525/

Trust: 0.6

sources: CNVD: CNVD-2025-21019 // CNNVD: CNNVD-202210-187 // JVNDB: JVNDB-2022-018556 // NVD: CVE-2022-41525

SOURCES

db:CNVDid:CNVD-2025-21019
db:CNNVDid:CNNVD-202210-187
db:JVNDBid:JVNDB-2022-018556
db:NVDid:CVE-2022-41525

LAST UPDATE DATE

2025-09-12T23:48:15.705000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-21019date:2025-09-11T00:00:00
db:CNNVDid:CNNVD-202210-187date:2022-10-13T00:00:00
db:JVNDBid:JVNDB-2022-018556date:2023-10-20T08:24:00
db:NVDid:CVE-2022-41525date:2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-21019date:2025-09-10T00:00:00
db:CNNVDid:CNNVD-202210-187date:2022-10-06T00:00:00
db:JVNDBid:JVNDB-2022-018556date:2023-10-20T00:00:00
db:NVDid:CVE-2022-41525date:2022-10-06T19:15:11.007