Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `system.so` binary. The `setDiagnosisCfg` function retrieves the `ipDoamin` parameter from user input via `websGetVar` and concatenates it directly into a `ping` system command executed via `CsteSystem()` without any sanitization. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TOTOLINK A950RG 安全漏洞
Vulnerability Description
TOTOLINK A950RG是中国吉翁电子(TOTOLINK)公司的一款超世代 Giga 无线路由器。 TOTOLINK A950RG V5.9c.4592_B20191022_ALL版本存在安全漏洞,该漏洞源于system.so二进制文件中存在命令注入,可能导致执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A