| tiêu đề | Format string bypasses input validation, leads to RCE in multiple TOTOlink devices |
|---|
| Mô tả | A special character isn't blacklisted in function `Validity_check`, bypasses the input validation, allowed attacker executes remote OS command execution as root. It looks like the function `doSystem` is vulnerable against format string. Attacker can execute the payload after character `%` as a new command due to unknown reason in the code's logic. The vulnerability was tested and confirmed on TOTOLink N200RE V5, version V9.3.5u.6437_B20230519. All command that shares the same code base should be vulnerable too (Such as TOTOLINK EX1200T V4.1.2cu.5215 CVE-2021-42875, TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 CVE-2023-4410 and so on). The real number of vulnerable firmware / device is unknown. |
|---|
| Nguồn | ⚠️ https://gist.github.com/dmknght/8f3b6aa65e9d08f45b5236c6e9ab8d80 |
|---|
| Người dùng | dmknght (UID 51830) |
|---|
| Đệ trình | 27/08/2023 10:18 (cách đây 3 những năm) |
|---|
| Kiểm duyệt | 03/09/2023 08:49 (7 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 238635 [TOTOLINK N200RE V5 9.3.5u.6437_B20230519 Validity_check Format String] |
|---|
| điểm | 20 |
|---|