ID

VAR-202211-1449


CVE

CVE-2022-44249


TITLE

TOTOLINK NR1800X Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2025-21008 // CNNVD: CNNVD-202211-3380

DESCRIPTION

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. An OS command injection vulnerability exists in TOTOLINK lr350 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE (broadband access equipment) launched by China's TOTOLINK Electronics. It is primarily designed for deploying NR fixed data services in homes and offices and supports 5G NR network connectivity.

Trust: 2.16

sources: NVD: CVE-2022-44249 // JVNDB: JVNDB-2022-021451 // CNVD: CNVD-2025-21008

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-21008

AFFECTED PRODUCTS

vendor: totolink model: lr350 scope: eq version: 9.3.5u.6369_b20220309

Trust: 1.0

vendor: totolink model: lr350 scope: - version: -

Trust: 0.8

vendor: totolink model: lr350 scope: eq version: -

Trust: 0.8

vendor: totolink model: lr350 scope: eq version: lr350 firmware 9.3.5u.6369 b20220309

Trust: 0.8

vendor: totolink model: nr1800x 9.1.0u.6279 b20210910 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-21008 // JVNDB: JVNDB-2022-021451 // NVD: CVE-2022-44249

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-44249
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-44249
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-44249
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-21008
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-3380
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2025-21008
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-44249
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-44249
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-21008 // CNNVD: CNNVD-202211-3380 // JVNDB: JVNDB-2022-021451 // NVD: CVE-2022-44249 // NVD: CVE-2022-44249

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-021451 // NVD: CVE-2022-44249

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3380

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202211-3380

EXTERNAL IDS

db: NVD id: CVE-2022-44249

Trust: 3.8

db: JVNDB id: JVNDB-2022-021451

Trust: 0.8

db: CNVD id: CNVD-2025-21008

Trust: 0.6

db: CNNVD id: CNNVD-202211-3380

Trust: 0.6

sources: CNVD: CNVD-2025-21008 // CNNVD: CNNVD-202211-3380 // JVNDB: JVNDB-2022-021451 // NVD: CVE-2022-44249

REFERENCES

url: https://brief-nymphea-813.notion.site/lr350-command-injection-uploadfirmwarefile-f006f70e9e6540529d262a8d34154d24

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2022-44249

Trust: 1.4

url: https://cxsecurity.com/cveshow/cve-2022-44249/

Trust: 0.6

sources: CNVD: CNVD-2025-21008 // CNNVD: CNNVD-202211-3380 // JVNDB: JVNDB-2022-021451 // NVD: CVE-2022-44249

SOURCES

db: CNVD id: CNVD-2025-21008
db: CNNVD id: CNNVD-202211-3380
db: JVNDB id: JVNDB-2022-021451
db: NVD id: CVE-2022-44249

LAST UPDATE DATE

2025-09-12T23:40:21.417000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2025-21008 date: 2025-09-11T00:00:00
db: CNNVD id: CNNVD-202211-3380 date: 2022-11-28T00:00:00
db: JVNDB id: JVNDB-2022-021451 date: 2023-11-10T08:16:00
db: NVD id: CVE-2022-44249 date: 2025-04-25T21:15:34.723

SOURCES RELEASE DATE

db: CNVD id: CNVD-2025-21008 date: 2025-09-10T00:00:00
db: CNNVD id: CNNVD-202211-3380 date: 2022-11-23T00:00:00
db: JVNDB id: JVNDB-2022-021451 date: 2023-11-10T00:00:00
db: NVD id: CVE-2022-44249 date: 2022-11-23T16:15:10.470