Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface reinitialization from '/var/system/linux_vlan_reinit'. Input is only partially validated by checking the prefix of interface names, and is concatenated into shell commands executed via system() without escaping. An attacker with write access to this file can execute arbitrary commands on the device.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TOTOLINK A720R 安全漏洞
Vulnerability Description
TOTOLINK A720R是中国吉翁电子(TOTOLINK)公司的一款无线路由器。 TOTOLINK A720R V4.1.5cu.614_B20230630版本存在安全漏洞,该漏洞源于sysconf二进制文件处理/var/system/linux_vlan_reinit文件时验证不足,可能导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A