| Field | Value |
|---|---|
| Title | Totolink C834FR-1C NR1800X command injection |
| Description | The vulnerability exists in the cstecgi.cgi of the TOTOLINK C834FR-1C (NR1800X) firmware version V9.1.0u.6279_B20210910. When the topicurl is setUssd, the program directly concatenates the user-controllable ussd parameter with the cli_atc AT+CUSD=1, \"%s\" > /tmp/.ussd_file command string through snprintf, and calls system to execute it. The vulnerability arises due to the lack of filtering for special characters in the input, leading to command injection. An attacker can exploit this vulnerability by constructing a payload such as " ; echo 'arbitrary command' > /tmp/ussd_success;" in the ussd parameter, by prematurely closing the double quotation marks, injecting a custom command using a semicolon, and commenting out the subsequent part with a hash symbol, thereby executing arbitrary operating system commands on the target device. |
| Source | https://github.com/newym/cve/blob/main/totolink%20nr1800x%20command%20injection.md |
| User | NEWYM (UID 85144) |
| Submitted | 14/04/2026 15:39 (2 months ago) |
| Moderated | 30/04/2026 21:01 (16 days later) |
| Status | accepted |
| VulDB Entry | 360358 [Totolink NR1800X 9.1.0u.6279_B20210910 /cgi-bin/cstecgi.cgi sub_41A68C setUssd privilege escalation] |
| Points | 20 |