Описание
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:totolink:ex300_v2_firmware:4.0.3c.7484:*:*:*:*:*:*:*
cpe:2.3:h:totolink:ex300_v2:-:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13299
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.
EPSS
Процентиль: 94%
0.13299
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-77