Описание
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely.
Ссылки
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Product
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.1360_b20241207:*:*:*:*:*:*:*
cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.1498_b20250826:*:*:*:*:*:*:*
cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01287
Низкий
7.2 High
CVSS3
8.8 High
CVSS3
8.3 High
CVSS2
Дефекты
CWE-77
CWE-78
Связанные уязвимости
CVSS3: 7.2
github
16 дней назад
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely.
EPSS
Процентиль: 80%
0.01287
Низкий
7.2 High
CVSS3
8.8 High
CVSS3
8.3 High
CVSS2
Дефекты
CWE-77
CWE-78