Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie (bypassing normal session checks), an unauthenticated attacker can use that parameter to execute arbitrary OS commands.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tuoshi NR500-EA 安全漏洞
Vulnerability Description
Tuoshi NR500-EA是中国拓实(Tuoshi)公司的一款无线路由器。 Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43存在安全漏洞,该漏洞源于对set_timesetting操作中参数ntpserver0的错误操作可能导致执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A