Описание
A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Permissions Required
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Product
- Exploit
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Exploit
Уязвимые конфигурации
Одновременно
EPSS
7.3 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Уязвимость функции setTelnetCfg() сценария /cgi-bin/cstecgi.cgi службы telnet микропрограммного обеспечения mesh-системы TOTOLink T6, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольный код
EPSS
7.3 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2