| タイトル | Totolink C834FR-1C NR1800X command injection |
|---|
| 説明 | The vulnerability exists in the cstecgi.cgi of the TOTOLINK C834FR-1C (NR1800X) firmware version V9.1.0u.6279_B20210910. When the topicurl is setUssd, the program directly concatenates the user-controllable ussd parameter with the cli_atc AT+CUSD=1, \"%s\" > /tmp/.ussd_file command string through snprintf, and calls system to execute it. The vulnerability arises due to the lack of filtering for special characters in the input, leading to command injection. An attacker can exploit this vulnerability by constructing a payload such as " ; echo 'arbitrary command' > /tmp/ussd_success;" in the ussd parameter, by prematurely closing the double quotation marks, injecting a custom command using a semicolon, and commenting out the subsequent part with a hash symbol, thereby executing arbitrary operating system commands on the target device. |
|---|
| ソース | ⚠️ https://github.com/newym/cve/blob/main/totolink%20nr1800x%20command%20injection.md |
|---|
| ユーザー | NEWYM (UID 85144) |
|---|
| 送信 | 2026年04月14日 15:39 (2 月 ago) |
|---|
| モデレーション | 2026年04月30日 21:01 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 360358 [Totolink NR1800X 9.1.0u.6279_B20210910 /cgi-bin/cstecgi.cgi sub_41A68C setUssd 特権昇格] |
|---|
| ポイント | 20 |
|---|