totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.
References
Link | Resource |
---|---|
https://hackmd.io/t_nRWxS2Q2O7GV2E5BhQMg | Exploit Third Party Advisory |
http://a3100r.com | Broken Link |
http://totolink.com | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-03-30 16:15
Updated : 2022-04-05 12:14
NVD link : CVE-2021-46007
Mitre link : CVE-2021-46007
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
totolink
- ar3100r_firmware
- ar3100r