Command injection

2023-12-2218:15:00

PRIOn knowledge base

www.prio-n.com

command injection

unauthorized access

arbitrary execution

cstecgi.cgi

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.

CPENameOperatorVersion
ex1800t_firmwareeq9.1.0cu.2112-b20220316

CPE	Name	Operator	Version
	ex1800t_firmware	eq	9.1.0cu.2112-b20220316

References

815yang.github.io/2023/12/11/EX1800T/2/3/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setWiFiExtenderConfig-apcliChannel/