| Titre | Totolink C834FR-1C NR1800X command injection |
|---|
| Description | The vulnerability exists in the cstecgi.cgi of the TOTOLINK C834FR-1C (NR1800X) firmware version V9.1.0u.6279_B20210910. When the topicurl is setUssd, the program directly concatenates the user-controllable ussd parameter with the cli_atc AT+CUSD=1, \"%s\" > /tmp/.ussd_file command string through snprintf, and calls system to execute it. The vulnerability arises due to the lack of filtering for special characters in the input, leading to command injection. An attacker can exploit this vulnerability by constructing a payload such as " ; echo 'arbitrary command' > /tmp/ussd_success;" in the ussd parameter, by prematurely closing the double quotation marks, injecting a custom command using a semicolon, and commenting out the subsequent part with a hash symbol, thereby executing arbitrary operating system commands on the target device. |
|---|
| La source | ⚠️ https://github.com/newym/cve/blob/main/totolink%20nr1800x%20command%20injection.md |
|---|
| Utilisateur | NEWYM (UID 85144) |
|---|
| Soumission | 14/04/2026 15:39 (il y a 2 mois) |
|---|
| Modérer | 30/04/2026 21:01 (16 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 360358 [Totolink NR1800X 9.1.0u.6279_B20210910 /cgi-bin/cstecgi.cgi sub_41A68C setUssd élévation de privilèges] |
|---|
| Points | 20 |
|---|