| Title | TOTOLINK N150RT 3.4.0-B20190525 Remote Code Execution |
|---|
| Description | Title: TOTOLINK N150RT Firmware Version 3.4.0-B20190525 TargetAPSsid OS COMMAND INJECTION
Vulnerability Type: OS Command Injection
Vulnerability Description
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 within the Boa WebServer of the router firmware. The attack can be initiated remotely. Authentication is required for exploitation. Manipulation of the argument targetAPSsid of the /boa/formWSC parameter leads to OS command injection, which is caused by improper neutralization of input that is then used directly in a command.
Impact
As the vulnerability class is OS command injection, attackers may abuse Linux utilities that enable command execution to bypass security controls restricting direct use of command-line interpreters like bash or sh. Utilities like netcat (nc) may also be used to establish reverse shells or transfer malicious payloads.
Vulnerability Disclosure: https://docs.google.com/document/d/1meuD3WLzPE0HHQAm_Ar6zx1NDyO29zsK/edit?usp=sharing&ouid=108490350035271792747&rtpof=true&sd=true
|
|---|
| Source | ⚠️ https://docs.google.com/document/d/1meuD3WLzPE0HHQAm_Ar6zx1NDyO29zsK/edit?usp=sharing&ouid=108490350035271792747&rtpof=true&sd=true |
|---|
| User | Anonymous User |
|---|
| Submitted | 2025-06-11 01:39 (10 months ago) |
|---|
| Moderation | 2025-06-19 09:47 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 313299 [TOTOLINK N150RT 3.4.0-B20190525 /boa/formWSC targetAPSsid privilege escalation] |
|---|
| Points | 20 |
|---|