| 标题 | TOTOLINK N150RT 3.4.0-B20190525 Remote Code Execution |
|---|
| 描述 | Title: TOTOLINK N150RT Firmware Version 3.4.0-B20190525 TargetAPSsid OS COMMAND
INJECTION
Vulnerability Type: OS Command Injection
Vulnerability Description
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 within the Boa WebServer of
the router firmware. The attack can be initiated remotely. Authentication is required for exploitation.
The manipulation of the argument targetAPSsid of /boa/formWSC parameter leads to os command
injection which is caused by improper neutralization of input leading to directly usage of it to command
injection.
Impact
As vulnerability class is OS command injection attackers may abuse Linux utilities that enable
command execution to bypass security controls restricting direct use of command-line interpreters like
bash or sh. Utilities like netcat (nc) may also be used to establish reverse shells or transfer malicious
payloads.
Vulnerability Disclosure: https://docs.google.com/document/d/1meuD3WLzPE0HHQAm_Ar6zx1NDyO29zsK/edit?usp=sharing&ouid=108490350035271792747&rtpof=true&sd=true
|
|---|
| 来源 | ⚠️ https://docs.google.com/document/d/1meuD3WLzPE0HHQAm_Ar6zx1NDyO29zsK/edit?usp=sharing&ouid=108490350035271792747&rtpof=true&sd=true |
|---|
| 用户 | Anonymous User |
|---|
| 提交 | 2025-06-11 01時39分 (11 月前) |
|---|
| 管理 | 2025-06-19 09時47分 (8 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 313299 [TOTOLINK N150RT 3.4.0-B20190525 /boa/formWSC targetAPSsid 权限提升] |
|---|
| 积分 | 20 |
|---|