| Field | Value |
|---|---|
| Title | Format string bypasses input validation, leads to RCE in multiple TOTOLink devices |
| Description | A special character isn't blacklisted in the function `Validity_check`, which bypasses the input validation and allows an attacker to execute remote OS commands as root. It looks like the function `doSystem` is vulnerable to a format string. An attacker can execute the payload after the character `%` as a new command, for a reason unknown in the code's logic. The vulnerability was tested and confirmed on TOTOLink N200RE V5, version V9.3.5u.6437_B20230519. All firmware that shares the same code base should be vulnerable too (such as TOTOLINK EX1200T V4.1.2cu.5215 CVE-2021-42875, TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 CVE-2023-4410 and so on). The real number of vulnerable firmware versions / devices is unknown. |
| Source | https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80 |
| User | dmknght (UID 51830) |
| Submission | 27.08.2023 10:18 (3 years ago) |
| Moderation | 03.09.2023 08:49 (7 days later) |
| Status | accepted |
| VulDB Entry | 238635 [TOTOLINK N200RE V5 9.3.5u.6437_B20230519 Validity_check Format String] |
| Points | 20 |