Submit #189818: Remote OS command Injection at setTracerouteCfg on TOTOLink EX1200Linfo

TitleRemote OS command Injection at setTracerouteCfg on TOTOLink EX1200L
Description## Description and impact Function `setTracerouteCfg` executes os command `traceroute`. An attacker can execute remote os command using crafted payload at `Trace Address` ## Root cause When the function `setTracerouteCfg` is called, it crafts the ping command following syntax `traceroute -m %d %s&>/var/log/traceRouteLog`. The value of `Trace Address` is not validated, therefore an attacker can send crafted payload to execute OS command and get the command output with `getTracerouteCfg` ![image](https://user-images.githubusercontent.com/29118926/257681369-2532e044-ab89-4529-a2f9-e83616c9124e.png)
Source⚠️ https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8
User
 dmknght (UID 51830)
Submission08/02/2023 04:37 (3 years ago)
Moderation08/18/2023 10:04 (16 days later)
StatusAccepted
VulDB entry237514 [TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 setTracerouteCfg os command injection]
Points20

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>