A3600R
Monthly
Command injection in Totolink A3600R firmware 4.1.2cu.5182_B20201102 allows authenticated remote attackers to execute arbitrary commands via the NoticeUrl parameter in the setNoticeCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (low-to-medium severity) but is confirmed by publicly available exploit code, making it an active threat to deployed devices despite the authentication requirement.
Command injection in Totolink A3600R firmware 4.1.2cu.5182_B20201102 allows authenticated remote attackers to execute arbitrary commands via the NoticeUrl parameter in the setNoticeCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (low-to-medium severity) but is confirmed by publicly available exploit code, making it an active threat to deployed devices despite the authentication requirement.