2 matches found
CVE-2018-13307
TOTOLINK A3002RU (firmware 1.0.8) suffers a system command injection in the fromNtp handler, exploitable via the ntpServerIp2 POST parameter. The vulnerability allows an attacker to execute system commands, with the potential to render the device permanently inoperable. The provided documents do ...
CVE-2018-13307
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...