| 제목 | Totolink N300RHv4 V6.1c.1353_B20190305 OS Command Injection |
|---|
| 설명 | A pre‑authentication OS command injection vulnerability exists in the `setWiFiWpsConfig` functionality exposed via the web management interface (`/cgi-bin/cstecgi.cgi`) of the TOTOLINK N300RH V4 router.
The CGI handler retrieves user‑controlled input from the HTTP parameter `PIN`, embeds it directly into a shell command string using `sprintf`, and executes it via `CsteSystem()` without any sanitization or escaping. As a result, a remote attacker with network access to the web interface can inject arbitrary shell commands and execute them with root privileges on the device, without authentication.
This allows full compromise of the router and, potentially, further compromise of the attached network. |
|---|
| 원천 | ⚠️ https://github.com/JXBbozaihuang/vuln-research/issues/2 |
|---|
| 사용자 | bozaihuang (UID 95768) |
|---|
| 제출 | 2026. 02. 23. AM 04:06 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 07. AM 09:40 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 349642 [Totolink N300RH 6..1c.1353_B20190305 CGI /cgi-bin/cstecgi.cgi setWiFiWpsConfig 권한 상승] |
|---|
| 포인트들 | 20 |
|---|