Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.
- https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setModifyVpnUser/setModifyVpnUser.md
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/HouseFuzz/reports
- https://github.com/fkie-cad/nvd-json-data-feeds