| Название | Totolink C834FR-1C NR1800X command injection |
|---|
| Описание | The vulnerability exists in the cstecgi.cgi of the TOTOLINK C834FR-1C (NR1800X) firmware version V9.1.0u.6279_B20210910. When the topicurl is setUssd, the program directly concatenates the user-controllable ussd parameter with the cli_atc AT+CUSD=1, \"%s\" > /tmp/.ussd_file command string through snprintf, and calls system to execute it. The vulnerability arises due to the lack of filtering for special characters in the input, leading to command injection. An attacker can exploit this vulnerability by constructing a payload such as " ; echo 'arbitrary command' > /tmp/ussd_success;" in the ussd parameter, by prematurely closing the double quotation marks, injecting a custom command using a semicolon, and commenting out the subsequent part with a hash symbol, thereby executing arbitrary operating system commands on the target device. |
|---|
| Источник | ⚠️ https://github.com/newym/cve/blob/main/totolink%20nr1800x%20command%20injection.md |
|---|
| Пользователь | NEWYM (UID 85144) |
|---|
| Представление | 14.04.2026 15:39 (2 месяцы назад) |
|---|
| Модерация | 30.04.2026 21:01 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 360358 [Totolink NR1800X 9.1.0u.6279_B20210910 /cgi-bin/cstecgi.cgi sub_41A68C setUssd эскалация привилегий] |
|---|
| Баллы | 20 |
|---|