{"vulnerability": "CVE-2022-2620", "sightings": [{"uuid": "1c32ef40-d498-464b-bad3-5a1076f41856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26201", "type": "seen", "source": "https://t.me/cibsecurity/38414", "content": "\u203c CVE-2022-26201 \u203c\n\nVictor CMS v1.0 was discovered to contain a SQL injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T16:26:52.000000Z"}, {"uuid": "85f691c8-941a-45e0-870a-3c84628a752c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26200", "type": "seen", "source": "https://t.me/cibsecurity/39588", "content": "\u203c CVE-2022-26200 \u203c\n\nTechnitium Installer v4.4 was discovered to allow attackers to execute arbitrary code or escalate privileges via placing a crafted DLL in the same directory as the current installer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-27T07:32:49.000000Z"}, {"uuid": "7d5b1433-2f13-4f8a-a94b-3f6f7de95b20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26205", "type": "seen", "source": "https://t.me/cibsecurity/39589", "content": "\u203c CVE-2022-26205 \u203c\n\nMarky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-27T07:32:50.000000Z"}, {"uuid": "9ec3f518-7fa7-4133-be63-d3ebf6c76a1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26206", "type": "seen", "source": "https://t.me/cibsecurity/38980", "content": "\u203c CVE-2022-26206 \u203c\n\nTotolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T01:19:46.000000Z"}, {"uuid": "560f93ce-2b14-439d-9ca8-9e4429475698", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26207", "type": "seen", "source": "https://t.me/cibsecurity/38987", "content": "\u203c CVE-2022-26207 \u203c\n\nTotolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T01:19:55.000000Z"}, {"uuid": "27df6d4c-0230-435a-94f8-5d9f2290309e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26208", "type": "seen", "source": "https://t.me/cibsecurity/38984", "content": "\u203c CVE-2022-26208 \u203c\n\nTotolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T01:19:52.000000Z"}]}