Sign-up

ID

VAR-202211-1649


CVE

CVE-2022-44250


TITLE

TOTOLINK  of  lr350  in the firmware  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-021450

DESCRIPTION

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. TOTOLINK of lr350 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE (broadband access equipment) launched by China's TOTOLINK Electronics. It is primarily designed for deploying NR fixed data services in homes and offices and supports 5G NR network connections

Trust: 2.16

sources: NVD: CVE-2022-44250 // JVNDB: JVNDB-2022-021450 // CNVD: CNVD-2025-21011

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-21011

AFFECTED PRODUCTS

vendor:totolinkmodel:lr350scope:eqversion:9.3.5u.6369_b20220309

Trust: 1.0

vendor:totolinkmodel:lr350scope: - version: -

Trust: 0.8

vendor:totolinkmodel:lr350scope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:lr350scope:eqversion:lr350 firmware 9.3.5u.6369 b20220309

Trust: 0.8

vendor:totolinkmodel:nr1800x 9.1.0u.6279 b20210910scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-21011 // JVNDB: JVNDB-2022-021450 // NVD: CVE-2022-44250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-44250
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-44250
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-44250
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-21011
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-3381
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2025-21011
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-44250
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-44250
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-21011 // CNNVD: CNNVD-202211-3381 // JVNDB: JVNDB-2022-021450 // NVD: CVE-2022-44250 // NVD: CVE-2022-44250

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-021450 // NVD: CVE-2022-44250

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3381

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202211-3381

EXTERNAL IDS

db:NVDid:CVE-2022-44250

Trust: 3.8

db:JVNDBid:JVNDB-2022-021450

Trust: 0.8

db:CNVDid:CNVD-2025-21011

Trust: 0.6

db:CNNVDid:CNNVD-202211-3381

Trust: 0.6

sources: CNVD: CNVD-2025-21011 // CNNVD: CNNVD-202211-3381 // JVNDB: JVNDB-2022-021450 // NVD: CVE-2022-44250

REFERENCES

url:https://brief-nymphea-813.notion.site/lr350-command-injection-setopmodecfg-7133dfcdeb9c4dfb87d9b5f4490b9a07

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-44250

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-44250/

Trust: 0.6

sources: CNVD: CNVD-2025-21011 // CNNVD: CNNVD-202211-3381 // JVNDB: JVNDB-2022-021450 // NVD: CVE-2022-44250

SOURCES

db:CNVDid:CNVD-2025-21011
db:CNNVDid:CNNVD-202211-3381
db:JVNDBid:JVNDB-2022-021450
db:NVDid:CVE-2022-44250

LAST UPDATE DATE

2025-09-12T23:46:21.339000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-21011date:2025-09-11T00:00:00
db:CNNVDid:CNNVD-202211-3381date:2022-11-28T00:00:00
db:JVNDBid:JVNDB-2022-021450date:2023-11-10T08:16:00
db:NVDid:CVE-2022-44250date:2025-04-25T21:15:34.880

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-21011date:2025-09-10T00:00:00
db:CNNVDid:CNNVD-202211-3381date:2022-11-23T00:00:00
db:JVNDBid:JVNDB-2022-021450date:2023-11-10T00:00:00
db:NVDid:CVE-2022-44250date:2022-11-23T16:15:10.520