Command injection

2023-12-2219:15:00

PRIOn knowledge base

www.prio-n.com

totolink

command injection

vulnerability

langateway parameter

setlanconfig interface

cstecgi.cgi

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.0%

JSON

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi.

CPENameOperatorVersion
ex1800t_firmwareeq9.1.0cu.2112-b20220316

CPE	Name	Operator	Version
	ex1800t_firmware	eq	9.1.0cu.2112-b20220316

References

815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig-lanGateway/