Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without checking whether the input starts with a hyphen (-). This allows remote authenticated attackers to inject arbitrary command-line options into the ping utility, potentially leading to a Denial of Service (DoS) by causing excessive resource consumption or prolonged execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TOTOLINK X5000R Security Vulnerability
Vulnerability Description
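TOTOLINK X5000R is a router from Zioncom Electronics (TOTOLINK), a Chinese company. TOTOLINK X5000R version v9.1.0cu_2415_B20250515 contains a security vulnerability that stems from insufficient validation of the ip parameter in the setDiagnosisCfg handler, which may allow an authenticated remote attacker to inject command-line arguments and cause a denial-of-service attack.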
CVSS Information
N/A
Vulnerability Type
N/A
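The missing check described for setDiagnosisCfg, sketched as an added example that is not TOTOLINK's code: the ip value is validated as an address or hostname, a leading hyphen is rejected, and the command is built as an argument vector with `--` instead of a shell string. The function names, the `-c 4` count and the assumption that the ping binary honours `--` as end-of-options are illustrative; the firmware's real ping invocation is not shown on this page.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: returns 1 if s is an IPv4/IPv6 literal or a plain
 * hostname, 0 otherwise. Anything that could be parsed as an option fails. */
int is_valid_ping_target(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];
    size_t len, i, label_start = 0;

    if (s == NULL || (len = strlen(s)) == 0 || len > 253)
        return 0;
    if (s[0] == '-')                 /* would be read by ping as an option */
        return 0;
    if (inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1)
        return 1;
    /* Hostname: dot-separated labels of [A-Za-z0-9-]; no empty label and
     * no label that starts or ends with '-'. Spaces, ';', '$' etc. fail. */
    for (i = 0; i <= len; i++) {
        if (i == len || s[i] == '.') {
            if (i == label_start || s[label_start] == '-' || s[i - 1] == '-')
                return 0;
            label_start = i + 1;
        } else if (!isalnum((unsigned char)s[i]) && s[i] != '-') {
            return 0;
        }
    }
    return 1;
}

/* Hypothetical helper: fills argv for an execv-style launch (no shell).
 * Returns 0 on success, -1 if the target is rejected. */
int build_ping_argv(const char *target, const char *argv[6])
{
    if (!is_valid_ping_target(target))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";                  /* assumed fixed probe count */
    argv[2] = "4";
    argv[3] = "--";                  /* end of options: the rest is an operand */
    argv[4] = target;
    argv[5] = NULL;
    return 0;
}
```

Validation and the `--` separator are independent layers: the first rejects hostile input outright, the second keeps the value from being interpreted as an option even if the validator is later loosened.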