
CVE-2021-46007

by KVS

  • Description
    The backend of a page executes the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection.

  • Affected version
    Totolink A3100R V5.9c.4577

  • Root Cause Analysis
    It seems that none of the special symbols are checked.

  • Proof-of-Concept

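A hardened form of a ping handler for the root cause described above, as an added example that is not code from this advisory or from the Totolink firmware (the firmware's handler is not shown on the page). The function names `is_valid_ping_target` and `run_ping` are hypothetical; the example assumes a POSIX system with a `ping` binary that accepts `-c` and `--`.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: accept only an IPv4/IPv6 literal or a plain hostname
 * (letters, digits, '.', '-'), so shell special symbols never pass.
 * Returns 1 if the target is acceptable, 0 otherwise. */
int is_valid_ping_target(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];
    size_t n;

    if (s == NULL || (n = strlen(s)) == 0 || n > 253)
        return 0;
    if (inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1)
        return 1;
    if (s[0] == '-' || s[0] == '.')   /* leading '-' would be parsed as an option */
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '.' && s[i] != '-')
            return 0;
    return 1;
}

/* Hypothetical handler: run ping through an argv array with no shell, so the
 * target is always one argument. Returns ping's exit status, -1 on reject/error. */
int run_ping(const char *target)
{
    int status;
    pid_t pid;

    if (!is_valid_ping_target(target))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "1", "--", target, (char *)NULL);
        _exit(127);               /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The allowlist and the shell-free exec are independent layers: either one alone stops special symbols in the field from being interpreted as commands.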
