TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
References
Link | Resource |
---|---|
https://brief-nymphea-813.notion.site/LR350-command-injection-setUploadSetting-b6d3012a3c2f43adac79c44edd57c937 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-11-23 08:15
Updated : 2022-11-25 19:42
NVD link : CVE-2022-44252
Mitre link : CVE-2022-44252
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
totolink
- lr350
- lr350_firmware