Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Totolink WA300 cstecgi.cgi recvUpgradeNewFw os command injection
Vulnerability Description
A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
TOTOLINK WA300 操作系统命令注入漏洞
Vulnerability Description
TOTOLINK WA300是中国吉翁电子(TOTOLINK)公司的一款无线接入点。 TOTOLINK WA300 5.2cu.7112_B20190227版本存在操作系统命令注入漏洞,该漏洞源于文件/cgi-bin/cstecgi.cgi中函数recvUpgradeNewFw存在os命令注入,可能导致远程执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A