PT-2026-3433 · Totolink · Totolink Lr350

Wxhwxhwxh_Tutu · Published 2025-01-10 · Updated 2026-01-29 · CVE-2026-1150

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Totolink LR350 version 9.3.5u.6369 B20220309

Description

A security flaw exists in Totolink LR350. The issue is due to command injection within the setTracerouteCfg function of the /cgi-bin/cstecgi.cgi file, specifically in the POST Request Handler component. Manipulation of the command argument allows for remote execution of commands. The exploit for this issue has been publicly released.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00611
CVE-2026-1150

Affected Products

Totolink Lr350