जमा करें #797460: Totolink A7100RU 7.4cu.2313_b20191024 Command Injectionजानकारी

शीर्षकTotolink A7100RU 7.4cu.2313_b20191024 Command Injection
विवरणA pre‑authentication OS command injection vulnerability exists in the `setPasswordCfg` functionality exposed via the web management interface (`/cgi-bin/cstecgi.cgi`) of the TOTOLINK A7100RU 7.4cu.2313_b20191024 router. The CGI handler retrieves user‑controlled input from the HTTP parameter `admpass`, embeds it directly into a shell command string using `sprintf`, and executes it via `CsteSystem()` without any sanitization or escaping. As a result, a remote attacker with network access to the web interface can inject arbitrary shell commands and execute them with root privileges on the device, without authentication. This allows full compromise of the router and, potentially, further compromise of the attached network.
स्रोत⚠️ https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_198/README.md
उपयोगकर्ता
 LtzHust (UID 95660)
सबमिशन05/04/2026 09:58 PM (3 महीनों पहले)
संयम13/04/2026 10:45 AM (8 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि357117 [Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setPasswordCfg admpass अधिकार वृद्धि]
अंक20

Want to know what is going to be exploited?

We predict KEV entries!