This issue could be exploited by an attacker to execute arbitrary script code in the context of the affected website. In most cases, the attacker would send a request to the target website which would contain an malicious ip parameter which would cause the command injection. The code execution would happen if the user access the affected device with the ip parameter. The attack could be prevented by input validation.
The ip parameter can be used to inject various types of commands. The parameters that need to be injected are:
ip [port] [host]
If you are using any of the services above, please upgrade to TOTOLINK A7000R V9.1.0u.6115_B20201022 as soon as possible.
TOTOLINK A7000R V9.0.0a .6114
This issue could be exploited by an attacker to execute arbitrary script code in the context of the affected website. In most cases, the attacker would send a request to the target website which would contain an malicious ip parameter which would cause the command injection. The code execution would happen if the user access the affected device with the ip parameter. The attack could be prevented by input validation.
TOTOLINK A7000R V9.1 UNAVAILABLE ON CISCO
TOTOLINK A7000R V9.1.0u.6115_B20201022 is unavailable on CISCO due to the following reasons:
- TOTOLINK A7000R V9.1.0u.6115_B20201022 is not compatible with CISCO IOS
- The program which is used in TOTOLINK A7000R V9.1.0u.6115_B20201022 is not compatible with CISCO IOS
- The code of the program which is used in TOTOLINK A7000R V9.1.0u.6115_B20201022 causes a problem in the process of loading, please upgrade to TOTOLINK A7000R V9.1 UNAVAILABLE ON CISCO
TOTOLINK A7000R V9.1.0u.6115_B20201022 Technical Details
This issue could be exploited by an attacker to execute arbitrary script code in the context of the affected website. In most cases, the attacker would send a request to the target website which would contain an malicious ip parameter which would cause the command injection. The code execution would happen if the user access the affected device with the ip parameter. The attack could be prevented by input validation.
The ip parameter can be used to inject various types of commands. The parameters that need to be injected are:
ip [port] [host]
Timeline
Published on: 08/25/2022 15:15:00 UTC
Last modified on: 08/26/2022 17:12:00 UTC