| tiêu đề | Totolink EX1800T V9.1.0cu.2112_B20220316 OS Command Injection |
|---|
| Mô tả | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘recHour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. This vulnerability don't need to login, due to insufficient input validation and sanitization, an attacker can exploit this flaw by injecting malicious OS commands through the recHour field. Successful exploitation allows the attacker to execute any command.
|
|---|
| Nguồn | ⚠️ https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/OS%20Command%20Injection%2007%20setRebootScheCfg-_recHour.md |
|---|
| Người dùng | selph (UID 82377) |
|---|
| Đệ trình | 06/03/2025 08:32 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 07/03/2025 16:45 (1 day later) |
|---|
| Trạng thái | Bản sao |
|---|
| Mục VulDB | 298954 [TOTOLINK EX1800T 9.1.0cu.2112_B20220316 /cgi-bin/cstecgi.cgi setRebootScheCfg mode/week/minute/recHour nâng cao đặc quyền] |
|---|
| điểm | 0 |
|---|