제출 #807199: Totolink WA300 WA300 V5.2cu.7112_B20190227 Command Injection정보

제목Totolink WA300 WA300 V5.2cu.7112_B20190227 Command Injection
설명In the WA300 V5.2cu.7112_B20190227 firmware has a command injection vulnerability in the NTPSyncWithHost function. The Var variable receives the hostTime parameter from a POST request. However, since the user can control the input of hostTime, the telnet service can cause a command injection vulnerability.
원천⚠️ https://lavender-bicycle-a5a.notion.site/TOTOLINK-WA300-NTPSyncWithHost-34553a41781f80808f3cfd14e1c603e7
사용자
 wxhwxhwxh_mie (UID 66748)
제출2026. 04. 17. PM 07:25 (2 개월 ago)
모더레이션2026. 05. 03. AM 10:09 (16 days later)
상태수락
VulDB 항목360897 [Totolink WA300 5.2cu.7112_B20190227 /cgi-bin/cstecgi.cgi NTPSyncWithHost hostTime 권한 상승]
포인트들15

이전개요다음

Want to know what is going to be exploited?

We predict KEV entries!