| 제목 | Format string bypasses input validation, leads to RCE in multiple TOTOlink devices |
|---|
| 설명 | A special character isn't blacklisted in function `Validity_check`, bypasses the input validation, allowed attacker executes remote OS command execution as root. It looks like the function `doSystem` is vulnerable against format string. Attacker can execute the payload after character `%` as a new command due to unknown reason in the code's logic. The vulnerability was tested and confirmed on TOTOLink N200RE V5, version V9.3.5u.6437_B20230519. All command that shares the same code base should be vulnerable too (Such as TOTOLINK EX1200T V4.1.2cu.5215 CVE-2021-42875, TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 CVE-2023-4410 and so on). The real number of vulnerable firmware / device is unknown. |
|---|
| 원천 | ⚠️ https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80 |
|---|
| 사용자 | dmknght (UID 51830) |
|---|
| 제출 | 2023. 08. 27. AM 10:18 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 09. 03. AM 08:49 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 238635 [TOTOLINK N200RE V5 9.3.5u.6437_B20230519 Validity_check Format String] |
|---|
| 포인트들 | 20 |
|---|