CVE-2018-13316

2018-11-2721:00:00

mitre

www.cve.org

AI Score

9.9

Confidence

High

EPSS

0.007

Percentile

79.9%

JSON

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the “subnet” POST parameter.

References

blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154