Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 (and other vlanVidLanX) parameters are retrieved via Uci_Get_Str and passed to the CsteSystem function without adequate validation or filtering. This allows an authenticated attacker to execute arbitrary shell commands with root privileges by injecting shell metacharacters into the affected parameters.
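The missing validation described above can be closed with an allow-list parse of each vlanVidLanX value before it is used in any command. The sketch below is an added example, not TOTOLINK firmware code: parse_vlan_id and format_vlan_arg are hypothetical names, the sample strings are constructed, and it assumes the parameters should only ever hold an 802.1Q VLAN ID (1 to 4094).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 802.1Q VLAN IDs are 12 bits wide; 0 and 4095 are reserved. */
#define VLAN_ID_MIN 1
#define VLAN_ID_MAX 4094

/* Hypothetical validator: returns the VLAN ID, or -1 unless the string is
 * 1-4 decimal digits within the valid range. Anything else (spaces, signs,
 * shell metacharacters, empty or NULL input) is rejected. */
int parse_vlan_id(const char *s)
{
    if (s == NULL) return -1;
    size_t len = strlen(s);
    if (len == 0 || len > 4) return -1;
    int v = 0;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9') return -1;
        v = v * 10 + (s[i] - '0');
    }
    return (v >= VLAN_ID_MIN && v <= VLAN_ID_MAX) ? v : -1;
}

/* Hypothetical helper: build the command argument from the parsed integer,
 * so the stored string itself never reaches the command line. */
int format_vlan_arg(const char *raw, char *out, size_t outlen)
{
    int vid = parse_vlan_id(raw);
    if (vid < 0) return -1;
    int n = snprintf(out, outlen, "%d", vid);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample values, not taken from a real device. */
    const char *samples[] = { "100", "007", "0", "4095", "10;x", "1 2", "" };
    char arg[8];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (format_vlan_arg(samples[i], arg, sizeof arg) == 0)
            printf("accept \"%s\" -> %s\n", samples[i], arg);
        else
            printf("reject \"%s\"\n", samples[i]);
    }
    return 0;
}
```

Validation of this kind belongs both where the value is written to configuration and where it is read back, since the description states the value is retrieved from stored configuration before use.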
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TOTOLINK X5000R Security Vulnerability
Vulnerability Description
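TOTOLINK X5000R is a router from the Chinese company Zioncom Electronics (TOTOLINK). TOTOLink X5000R version v9.1.0cu_2415_B20250515 contains a security vulnerability that stems from insufficient validation and filtering of parameters such as vlanVidLanX in the setIptvCfg handler, which may allow an authenticated attacker to execute arbitrary shell commands with root privileges.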
CVSS Information
N/A
Vulnerability Type
N/A