2 matches found
CVE-2024-35401
TOTOLINK CP900L v4.1.5cu.798_B20221228 is affected by a command injection vulnerability in the UploadFirmwareFile function, exploitable via the FileName parameter. Root cause: insufficient filtering/validation of constructed commands in FileName leading to command execution with local privileges....
CVE-2024-35401
TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...