Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq endpoint fails to sanitize shell metacharacters sent via JSON parameters, thus allowing attackers to execute arbitrary OS commands with root privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tuoshi LT15D 安全漏洞
Vulnerability Description
Tuoshi LT15D是中国拓实(Tuoshi)公司的一款无线路由器。 Tuoshi LT15D存在安全漏洞,该漏洞源于/goform/formJsonAjaxReq端点未清理shell元字符,允许未经验证的远程攻击者执行任意OS命令。
CVSS Information
N/A
Vulnerability Type
N/A