exploitDog

CVE-2021-43711

Опубликовано: 04 янв. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.

Ссылки

https://github.com/doudoudedi/ToTolink_EX200_Cmmand_Execute/blob/main/ToTolink%20EX200%20Comand%20Injection2.md
Exploit
Third Party Advisory
https://github.com/doudoudedi/ToTolink_EX200_Cmmand_Execute/blob/main/ToTolink%20EX200%20Comand%20Injection2.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211:*:*:*:*:*:*:*

cpe:2.3:h:totolink:ex200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19992

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-chwf-9c6x-wv85

github

около 4 лет назад

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.

EPSS

Процентиль: 95%

0.19992

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-77