Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WAYOS LQ_04/LQ_05/LQ_06/LQ_07/LQ_09 usb_paswd.asp command injection
Vulnerability Description
A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
WAYOS多款产品 命令注入漏洞
Vulnerability Description
WAYOS LQ是中国维盟(WAYOS)公司的一系列行为管理路由器。 WAYOS多款产品存在命令注入漏洞,该漏洞源于对文件/usb_paswd.asp中参数Name的错误操作,可能导致远程命令注入攻击。以下产品及版本受到影响:WAYOS LQ_04、LQ_05、LQ_06、LQ_07和LQ_09 22.03.17版本。
CVSS Information
N/A
Vulnerability Type
N/A