Submit #403211: TOTOLINK A720R router 4.1.5 OS Command Injection

Title: TOTOLINK A720R router 4.1.5 OS Command Injection
Description: The Validity_check function uses strchr to blacklist dangerous characters, but it can still be bypassed using a null byte to get OS command injection in the exportOvpn function.
User: Cl0wnK1n9 (UID 74522)
Submission: 09/05/2024 14:49 (2 years ago)
Moderation: 09/14/2024 21:33 (9 days later)
Status: Accepted
VulDB entry: 277506 [TOTOLINK A720R 4.1.5 exportOvpn os command injection]
Points: 13
