Gửi #779128: Totolink A3300R 17.0.0cu.557_b20221024 Command Injectionthông tin

tiêu đềTotolink A3300R 17.0.0cu.557_b20221024 Command Injection
Mô tả A vulnerability was found in Totolink A3300R 17.0.0cu.557_b20221024 . Affected by this vulnerability is the function sub_41F5D0 of the component cstecgi.cgi . The manipulation of the argument lanIp with an unknown input leads to a command injection vulnerability.We found a Command Injection vulnerability in shttpd , allows remote attackers to execute arbitrary OS commands from a crafted request.In sub_41F5D0 function, it reads in a user-provided parameter lanIp and passes its value to Uci_Set_Str function.However ,the value of the lanIp is inserted into v11 using snprintf,and the value of v11 will be handled by the function CsteSystem.Finally,the command will be executed by execv() in CsteSystem.
Nguồn⚠️ https://github.com/Litengzheng/vul_db/blob/main/A3300R/vul_39/README.md
Người dùng LtzHuster2 (UID 96397)
Đệ trình13/03/2026 02:38 (cách đây 4 các tháng)
Kiểm duyệt29/03/2026 19:51 (17 days later)
Trạng tháiđược chấp nhận
Mục VulDB354126 [Totolink A3300R 17.0.0cu.557_b20221024 Parameter /cgi-bin/cstecgi.cgi setLanCfg lanIp nâng cao đặc quyền]
điểm20

Interested in the pricing of exploits?

See the underground prices here!