Submeter #807199: Totolink WA300 WA300 V5.2cu.7112_B20190227 Command Injectioninformação

TítuloTotolink WA300 WA300 V5.2cu.7112_B20190227 Command Injection
DescriçãoIn the WA300 V5.2cu.7112_B20190227 firmware has a command injection vulnerability in the NTPSyncWithHost function. The Var variable receives the hostTime parameter from a POST request. However, since the user can control the input of hostTime, the telnet service can cause a command injection vulnerability.
Fonte⚠️ https://lavender-bicycle-a5a.notion.site/TOTOLINK-WA300-NTPSyncWithHost-34553a41781f80808f3cfd14e1c603e7
Utilizador
 wxhwxhwxh_mie (UID 66748)
Submissão17/04/2026 19h25 (há 2 meses)
Moderação03/05/2026 10h09 (16 days later)
EstadoAceite
Entrada VulDB360897 [Totolink WA300 5.2cu.7112_B20190227 /cgi-bin/cstecgi.cgi NTPSyncWithHost hostTime Elevação de Privilégios]
Pontos15

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!