Wa300
Monthly
Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the hostTime parameter in the NTPSyncWithHost function accessible through /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, though actual real-world exploitation risk is mitigated by the requirement for authenticated access and the low impact scope (limited to confidentiality, integrity, and availability of the application itself, with no system-wide impact).
Command injection in Totolink WA300 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the langType parameter in the setLanguageCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, though the low CVSS 2.1 score reflects limited scope (only low confidentiality and integrity impact, no system integrity or availability impact) and authentication requirement, reducing real-world attack surface.
Remote unauthenticated buffer overflow in Totolink WA300 wireless repeater firmware version 5.2cu.7112_B20190227 enables complete device compromise via crafted HTTP POST requests to the login authentication handler. The vulnerability resides in the loginauth function within /cgi-bin/cstecgi.cgi, where insufficient validation of the http_host parameter allows attackers to overflow memory and achieve arbitrary code execution with device privileges. Publicly available exploit code exists (documented via Notion), enabling trivial exploitation with EPSS probability assessment pending but attack complexity rated low (AC:L) with no authentication barrier (PR:N).
Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the webWlanIdx parameter in the setWebWlanIdx function of /cgi-bin/cstecgi.cgi. The vulnerability requires valid user credentials but no user interaction, with publicly available exploit code demonstrating the attack.
Buffer overflow in Totolink WA300 wireless range extender firmware 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted File parameter to the UploadCustomModule function in /cgi-bin/cstecgi.cgi. Public proof-of-concept exploit exists (documented in Notion page), enabling low-skill exploitation. EPSS data not available, but low attack complexity (AC:L) and network attack vector (AV:N) combined with public POC indicate elevated real-world risk for affected devices exposed to untrusted authenticated users.
A critical OS command injection vulnerability exists in Totolink WA300 router firmware version 5.2cu.7112_B20190227, specifically in the recvUpgradeNewFw function within /cgi-bin/cstecgi.cgi. An unauthenticated remote attacker can exploit this flaw to execute arbitrary operating system commands on the affected device. A public proof-of-concept exploit has been released on GitHub, significantly lowering the barrier to exploitation and increasing real-world risk.
Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the hostTime parameter in the NTPSyncWithHost function accessible through /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, though actual real-world exploitation risk is mitigated by the requirement for authenticated access and the low impact scope (limited to confidentiality, integrity, and availability of the application itself, with no system-wide impact).
Command injection in Totolink WA300 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the langType parameter in the setLanguageCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, though the low CVSS 2.1 score reflects limited scope (only low confidentiality and integrity impact, no system integrity or availability impact) and authentication requirement, reducing real-world attack surface.
Remote unauthenticated buffer overflow in Totolink WA300 wireless repeater firmware version 5.2cu.7112_B20190227 enables complete device compromise via crafted HTTP POST requests to the login authentication handler. The vulnerability resides in the loginauth function within /cgi-bin/cstecgi.cgi, where insufficient validation of the http_host parameter allows attackers to overflow memory and achieve arbitrary code execution with device privileges. Publicly available exploit code exists (documented via Notion), enabling trivial exploitation with EPSS probability assessment pending but attack complexity rated low (AC:L) with no authentication barrier (PR:N).
Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the webWlanIdx parameter in the setWebWlanIdx function of /cgi-bin/cstecgi.cgi. The vulnerability requires valid user credentials but no user interaction, with publicly available exploit code demonstrating the attack.
Buffer overflow in Totolink WA300 wireless range extender firmware 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted File parameter to the UploadCustomModule function in /cgi-bin/cstecgi.cgi. Public proof-of-concept exploit exists (documented in Notion page), enabling low-skill exploitation. EPSS data not available, but low attack complexity (AC:L) and network attack vector (AV:N) combined with public POC indicate elevated real-world risk for affected devices exposed to untrusted authenticated users.
A critical OS command injection vulnerability exists in Totolink WA300 router firmware version 5.2cu.7112_B20190227, specifically in the recvUpgradeNewFw function within /cgi-bin/cstecgi.cgi. An unauthenticated remote attacker can exploit this flaw to execute arbitrary operating system commands on the affected device. A public proof-of-concept exploit has been released on GitHub, significantly lowering the barrier to exploitation and increasing real-world risk.