TOTOLINK X5000R addBlacklist Function OS Command Injection Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the addBlacklist function in the file /cgi-bin/cstecgi.cgi failing to properly filter...

PT-2024-30116 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The issue is related to an OS command injection vulnerability in the addBlacklist function of the /cgi-bin/cstecgi.cgi file. Authenticated attackers can send malicious packets to...