| 제목 | TOTOLINK X5000R v9.1.0cu.2089_B20211224 RCE |
|---|
| 설명 | TOTOLINK X5000R firmware v9.1.0cu.2089_B20211224 contains an OS command injection vulnerability in the cstecgi.cgi component, in the exportOvpn handler.
The parameter "user" is passed into snprintf() and invoked by system() without sanitization, allowing remote attackers to execute arbitrary commands on the device.
In function main(), the value of parameter "user" is taken from the query string via getNthValueSafe(), then formatted into:
snprintf(v55, 256, "openvpn-cert build_user %s config", v49);
followed by:
system(v55);
Because v49 is not validated nor escaped, an attacker can inject shell meta-characters.
|
|---|
| 원천 | ⚠️ https://github.com/awigwu76/TOTOLINK_X5000R/blob/main/1.md |
|---|
| 사용자 | awigwu76 (UID 91463) |
|---|
| 제출 | 2025. 12. 03. AM 07:32 (4 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 12. PM 03:55 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 336206 [TOTOLINK X5000R 9.1.0cu.2089_B20211224 cstecgi.cgi?action=exportOvpn&type=user snprintf 사용자 권한 상승] |
|---|
| 포인트들 | 20 |
|---|