CVE-2021-43711

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*
cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*

Information

Published : 2022-01-04 06:15

Updated : 2022-01-12 07:25


NVD link : CVE-2021-43711

Mitre link : CVE-2021-43711


JSON object : View

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Advertisement

dedicated server usa

Products Affected

totolink

  • ex200_firmware
  • ex200