The vulnerability of the HTTP POST Request Handler component in the microprogramming software for TOTOLINK A3002R and A3002RU allows a perpetrator to execute arbitrary commands.

The vulnerability of the HTTP POST Request Handler component in the microprogramming software of TOTOLINK A3002R and A3002RU devices is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands using the...

PT-2024-1173 · Totolink · Totolink X2000R

Name of the Vulnerable Software and Affected Versions: Totolink X2000R version 1.0.0-B20221212.1452 Description: A critical issue is related to the function formMapDelDevice in the /boafrm/formMapDelDevice file, where the manipulation of the macstr argument leads to command injection. This can be...