जमा करें #779142: Totolink A3300R 17.0.0cu.557_b20221024 Command Injectionजानकारी

शीर्षकTotolink A3300R 17.0.0cu.557_b20221024 Command Injection
विवरणThe vulnerability exists within the router's shttpdservice. It allows a remote attacker to execute arbitrary operating system commands by sending a specially crafted network request. The technical root cause involves unsafe handling of user input in a function chain: A user-supplied parameter named "ip" is read by the program. This parameter's value is passed to the Uci_Set_Strfunction. Subsequently, the value of "ip" is unsafely concatenated into a command string (variable v11) using snprintf. This crafted command string is then passed to and executed by the CsteSystemfunction via the execv()system call.
स्रोत⚠️ https://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_ip_cmd_inject
उपयोगकर्ता
 LvHW (UID 96399)
सबमिशन13/03/2026 03:31 AM (4 महीनों पहले)
संयम29/03/2026 07:51 PM (17 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि354129 [Totolink A3300R 17.0.0cu.557_b20221024 /cgi-bin/cstecgi.cgi setStaticRoute ip अधिकार वृद्धि]
अंक20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!