TOTOLINK CA300-PoE 安全漏洞

TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. TOTOLINK CA300-PoE has a command injection vulnerability, the vulnerability stems from the recvUpgradeNewFw function fwUrl parameter fails to correctly filter the construction of the command special characters,...