Invia #189820: Blind remote OS command injection in Host Name on TOTOLink EX1200Linformazioni

TitoloBlind remote OS command injection in Host Name on TOTOLink EX1200L
Descrizione## Description and impact Function `setWanCfg` executes os command `echo` to overwrite hostname. An attacker can execute remote os command using crafted payload at `Host Name`. ## Root-cause When the function `setWanCfg` is called, it crafts os command following syntax `echo '%s' > /proc/sys/kernel/hostname`. The value of `Host name` is not validated. An attacker can send crafted payload to execute OS command. ![image](https://user-images.githubusercontent.com/29118926/257681580-135b9274-1f06-4a2b-b5cd-6c820e78a178.png)
Fonte⚠️ https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8
Utente
 dmknght (UID 51830)
Sottomissione02/08/2023 04:38 (3 anni fa)
Moderazione18/08/2023 10:04 (16 days later)
StatoAccettato
Voce VulDB237515 [TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 setWanCfg escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!