Wa300 Firmware
Monthly
OS command injection in Totolik WA300 firmware via the setAPNetwork function allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 5.2cu.7112_B20190227 and impacts the /cgi-bin/cstecgi.cgi endpoint through manipulation of the Ipaddr parameter.
Command injection in TOTOLINK WA300 firmware (version 5.2cu.7112_B20190227 and earlier) allows authenticated remote attackers to execute arbitrary commands through a malformed UPLOAD_FILENAME parameter in the cstecgi.cgi function. Public exploit code exists for this vulnerability, and no patch is currently available.
OS command injection in Totolik WA300 firmware via the setAPNetwork function allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 5.2cu.7112_B20190227 and impacts the /cgi-bin/cstecgi.cgi endpoint through manipulation of the Ipaddr parameter.
Command injection in TOTOLINK WA300 firmware (version 5.2cu.7112_B20190227 and earlier) allows authenticated remote attackers to execute arbitrary commands through a malformed UPLOAD_FILENAME parameter in the cstecgi.cgi function. Public exploit code exists for this vulnerability, and no patch is currently available.