Command injection

2023-12-2219:15:00

PRIOn knowledge base

www.prio-n.com

command injection

totolink

ex1800t

vulnerable

unauthorized

arbitrary command execution

lansecdns parameter

setlanconfig interface

cstecgi.cgi

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.0%

JSON

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi

CPENameOperatorVersion
ex1800t_firmwareeq9.1.0cu.2112-b20220316

CPE	Name	Operator	Version
	ex1800t_firmware	eq	9.1.0cu.2112-b20220316

References

815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setLanConfig_lanSecDns/