| عنوان | Totolink EX1800T V9.1.0cu.2112_B20220316 OS Command Injection |
|---|
| الوصف | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliKey’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. This vulnerability don't need to login, due to insufficient input validation and sanitization, an attacker can exploit this flaw by injecting malicious OS commands through the apcliKey field. Successful exploitation allows the attacker to execute any command. |
|---|
| المصدر | ⚠️ https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/OS%20Command%20Injection%2001%20setWiFiExtenderConfig-_apcliKey.md |
|---|
| المستخدم | selph (UID 82377) |
|---|
| ارسال | 06/03/2025 08:26 AM (1 سنة منذ) |
|---|
| الاعتدال | 07/03/2025 04:44 PM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 298952 [TOTOLINK EX1800T 9.1.0cu.2112_B20220316 /cgi-bin/cstecgi.cgi setWiFiExtenderConfig apcliKey/key تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|