2 matches found
CVE-2021-27708
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
CVE-2021-27708
CVE-2021-27708 describes a command injection in TOTOLINK X5000R (firmware v9.1.0u.6118_B20201102) and TOTOLINK A720R (firmware v4.1.5cu.470_B20200911). The issue arises when the code calls glibc’s system() with untrusted input and passes the attacker-controlled "+command" parameter directly, enab...