CVE-2021-46007

totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.
References
Link Resource
https://hackmd.io/t_nRWxS2Q2O7GV2E5BhQMg Exploit Third Party Advisory
http://a3100r.com Broken Link
http://totolink.com Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:ar3100r_firmware:5.9c.4577:*:*:*:*:*:*:*
cpe:2.3:h:totolink:ar3100r:-:*:*:*:*:*:*:*

Information

Published : 2022-03-30 16:15

Updated : 2022-04-05 12:14


NVD link : CVE-2021-46007

Mitre link : CVE-2021-46007


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

totolink

  • ar3100r_firmware
  • ar3100r