GHSA-mqx6-fm3x-25wm

Published: 22 Nov 2024
Source: github
Github: Not reviewed
CVSS3: 9.8

Description

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

EPSS

Percentile: 46%
0.0023
Low

9.8 Critical

CVSS3

Weaknesses

CWE-78

Related vulnerabilities

CVSS3: 9.8
nvd
about 1 year ago

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.
