Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit this flaw by injecting arbitrary system commands, which are executed by the underlying operating system with root privileges. The router uses the Boa web server (version 0.93.15) to handle the request. Successful exploitation can lead to full system compromise and unauthorized control of the network device.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PLDT WiFi Router Prolink PGN6401V 安全漏洞
Vulnerability Description
PLDT WiFi Router Prolink PGN6401V是菲律宾PLDT公司的一款路由器。 PLDT WiFi Router Prolink PGN6401V Firmware 8.1.2版本存在安全漏洞,该漏洞源于ping6.asp页面中对pingAddr参数清理不足,可能导致OS命令注入。
CVSS Information
N/A
Vulnerability Type
N/A