| عنوان | TOTOLINK N150RT 3.4.0-B20190525 Remote Code Execution |
|---|
| الوصف | Title: TOTOLINK N150RT Firmware Version 3.4.0-B20190525 TargetAPSsid OS COMMAND
INJECTION
Vulnerability Type: OS Command Injection
Vulnerability Description
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 within the Boa WebServer of
the router firmware. The attack can be initiated remotely. Authentication is required for exploitation.
The manipulation of the argument targetAPSsid of /boa/formWSC parameter leads to os command
injection which is caused by improper neutralization of input leading to directly usage of it to command
injection.
Impact
As vulnerability class is OS command injection attackers may abuse Linux utilities that enable
command execution to bypass security controls restricting direct use of command-line interpreters like
bash or sh. Utilities like netcat (nc) may also be used to establish reverse shells or transfer malicious
payloads.
Vulnerability Disclosure: https://docs.google.com/document/d/1meuD3WLzPE0HHQAm_Ar6zx1NDyO29zsK/edit?usp=sharing&ouid=108490350035271792747&rtpof=true&sd=true
|
|---|
| المصدر | ⚠️ https://docs.google.com/document/d/1meuD3WLzPE0HHQAm_Ar6zx1NDyO29zsK/edit?usp=sharing&ouid=108490350035271792747&rtpof=true&sd=true |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 11/06/2025 01:39 AM (10 أشهر منذ) |
|---|
| الاعتدال | 19/06/2025 09:47 AM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 313299 [TOTOLINK N150RT 3.4.0-B20190525 /boa/formWSC targetAPSsid تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|