제출 #189820: Blind remote OS command injection in Host Name on TOTOLink EX1200L정보

제목Blind remote OS command injection in Host Name on TOTOLink EX1200L
설명## Description and impact Function `setWanCfg` executes os command `echo` to overwrite hostname. An attacker can execute remote os command using crafted payload at `Host Name`. ## Root-cause When the function `setWanCfg` is called, it crafts os command following syntax `echo '%s' > /proc/sys/kernel/hostname`. The value of `Host name` is not validated. An attacker can send crafted payload to execute OS command. ![image](https://user-images.githubusercontent.com/29118926/257681580-135b9274-1f06-4a2b-b5cd-6c820e78a178.png)
원천⚠️ https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8
사용자
 dmknght (UID 51830)
제출2023. 08. 02. AM 04:38 (3 연령 ago)
모더레이션2023. 08. 18. AM 10:04 (16 days later)
상태수락
VulDB 항목237515 [TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 setWanCfg 권한 상승]
포인트들20

이전개요다음

Do you need the next level of professionalism?

Upgrade your account now!