The vulnerability of the setUpgradeUboot() function in TOTOLINK CP900 router microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of the setUpgradeUboot function in TOTOLINK CP900 router microprogramming software is related to the lack of measures to sanitize input data during the processing of the FileName parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

TOTOLINK CP900 setUpgradeUboot Function Command Injection Vulnerability

The TOTOLINK CP900 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK CP900 suffers from a command injection vulnerability that stems from the setUpgradeUboot function failing to properly filter constructor command special characters, commands, etc. No detailed vulnerabilit...

PT-2025-18654 · Totolink · Totolink Cp900L

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900 version 6.3c.1144 B20190715 Description: The issue is related to a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This allows attackers to execute arbitrary commands via a crafted...