| Название | TOTOLINK N150RT 3.4.0-B20190525 Remote Code Execution |
|---|
| Описание | Title: TOTOLINK N150RT Firmware Version 3.4.0-B20190525 TargetAPSsid OS COMMAND
INJECTION
Vulnerability Type: OS Command Injection
Vulnerability Description
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 within the Boa WebServer of
the router firmware. The attack can be initiated remotely. Authentication is required for exploitation.
The manipulation of the argument targetAPSsid of /boa/formWSC parameter leads to os command
injection which is caused by improper neutralization of input leading to directly usage of it to command
injection.
Impact
As vulnerability class is OS command injection attackers may abuse Linux utilities that enable
command execution to bypass security controls restricting direct use of command-line interpreters like
bash or sh. Utilities like netcat (nc) may also be used to establish reverse shells or transfer malicious
payloads.
Vulnerability Disclosure: https://docs.google.com/document/d/1meuD3WLzPE0HHQAm_Ar6zx1NDyO29zsK/edit?usp=sharing&ouid=108490350035271792747&rtpof=true&sd=true
|
|---|
| Источник | ⚠️ https://docs.google.com/document/d/1meuD3WLzPE0HHQAm_Ar6zx1NDyO29zsK/edit?usp=sharing&ouid=108490350035271792747&rtpof=true&sd=true |
|---|
| Пользователь | Anonymous User |
|---|
| Представление | 11.06.2025 01:39 (10 месяцы назад) |
|---|
| Модерация | 19.06.2025 09:47 (8 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 313299 [TOTOLINK N150RT 3.4.0-B20190525 /boa/formWSC targetAPSsid эскалация привилегий] |
|---|
| Баллы | 20 |
|---|