| शीर्षक | TOTOLINK WA300 V5.2cu.7112_B20190227 OS Command Injection |
|---|
| विवरण | The TOTOLINK WA300 router has a serious security vulnerability when handling web requests. This vulnerability lies in the processing logic of the setting/setAPNetwork interface. Attackers can inject specific shell characters into the Ipaddr parameter by constructing malicious POST requests. Since the server side does not perform effective filtering or verification on this parameter, and directly concatenates it to the system command for execution, unauthorized remote attackers can execute arbitrary system commands with Root privileges on the device. |
|---|
| स्रोत | ⚠️ https://github.com/master-abc/cve/issues/36 |
|---|
| उपयोगकर्ता | jiefengliang (UID 93721) |
|---|
| सबमिशन | 04/02/2026 05:15 PM (3 महीनों पहले) |
|---|
| संयम | 07/02/2026 10:15 AM (3 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 344869 [Totolink WA300 5.2cu.7112_B20190227 /cgi-bin/cstecgi.cgi setAPNetwork Ipaddr अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|