Command injection

2023-12-2219:15:00

PRIOn knowledge base

www.prio-n.com

command injection

setdiagnosiscfg

cstecgi

totolink a3700r

firmware v9.1.2u.5822_b20200513

security vulnerability

7.7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.3%

JSON

There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.

CPENameOperatorVersion
a3700r_firmwareeq9.1.2u.5822-b20200513

CPE	Name	Operator	Version
	a3700r_firmware	eq	9.1.2u.5822-b20200513

References

815yang.github.io/2023/12/04/a3700r/TOTOlink%20A3700R%28setDiagnosisCfg%29/