Submit #779143: Totolink A3300R 17.0.0cu.557_b20221024 Command Injection

Title: Totolink A3300R 17.0.0cu.557_b20221024 Command Injection
Description: A Command Injection vulnerability was discovered in the router's shttpd service. This flaw allows a remote attacker to execute arbitrary operating system commands on the target device by sending a specially crafted network request, potentially leading to full device compromise. The complete technical exploit chain is illustrated in the provided vulnerability trigger flow diagram. The attack proceeds as follows:

1. Malicious Parameter Input: The attacker provides a parameter named "pptpPassThru" in a crafted request.
2. Parameter Handling: The program reads this user-supplied value within the sub_41B25C function, as shown in the relevant code screenshot, and passes it to the Uci_Set_Str function for processing.
3. Unsafe Command Construction: The value of the "pptpPassThru" parameter is then unsafely concatenated directly into a system command string (variable v11) without proper sanitization. The code snippet detailing this command construction is provided.
4. Arbitrary Command Execution: This constructed command string, which now contains the attacker's input, is ultimately passed to the CsteSystem function. The command is executed via the execv() system call within this function, as captured in the final code screenshot.

This completes the command injection.
Source: https://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_pptpPassThru_cmd_inject
User: LvHW (UID 96399)
Submission: 2026-03-13 03:39 (18 days ago)
Moderation: 2026-03-29 19:51 (17 days later)
Status: Accepted
VulDB entry: 354130 [Totolink A3300R 17.0.0cu.557_b20221024 Parameter /cgi-bin/cstecgi.cgi setVpnPassCfg pptpPassThru privilege escalation]
Points: 20
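
The pattern described in steps 3 and 4, next to a hardened form, as an added C example that is not code from the firmware or from the original report. The `uci set` command text, the key name `vpn.pass.pptp`, the "0"/"1" allow-list and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list: assumes the pass-through flag is only "0" or "1". */
int is_valid_flag(const char *v) {
    return v != NULL && (strcmp(v, "0") == 0 || strcmp(v, "1") == 0);
}

/* Pattern from the description: the request value is pasted into one
 * command string that a shell will later parse. Command text is constructed. */
int build_cmd_unsafe(char *out, size_t n, const char *v) {
    int len = snprintf(out, n, "uci set vpn.pass.pptp=%s", v);
    return (len >= 0 && (size_t)len < n) ? 0 : -1;
}

/* Hardened form: validate first, then fill an argv vector that can be
 * handed to execv() directly, so no shell ever interprets the value. */
int build_argv_safe(const char *argv[4], char *kv, size_t n, const char *v) {
    if (!is_valid_flag(v))
        return -1;                      /* reject anything off the allow-list */
    int len = snprintf(kv, n, "vpn.pass.pptp=%s", v);
    if (len < 0 || (size_t)len >= n)
        return -1;                      /* truncated: do not run it */
    argv[0] = "uci";
    argv[1] = "set";
    argv[2] = kv;
    argv[3] = NULL;
    return 0;
}

/* Returns 1 if the string contains characters a shell treats specially. */
int has_shell_meta(const char *s) {
    return s[strcspn(s, ";|&`$()<>\n\\\"'")] != '\0';
}
```
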
