CVE-2021-27708

CVE-2021-27708

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc’s system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS.

Source: CVE-2021-27708

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.