Command injection

2023-12-2219:15:00

PRIOn knowledge base

www.prio-n.com

totolink

ex1800t

command injection

vulnerability

unauthorized

arbitrary command execution

setwifiextenderconfig

cstecgi.cgi

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.0%

JSON

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi.

CPENameOperatorVersion
ex1800t_firmwareeq9.1.0cu.2112-b20220316

CPE	Name	Operator	Version
	ex1800t_firmware	eq	9.1.0cu.2112-b20220316

References

815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setWiFiExtenderConfig-key5g/