CVE-2018-13307

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU version 1.0.8

Description The issue allows attackers to execute system commands via the ntpServerIp2 POST parameter in the fromNtp function. Certain payloads can cause the device to become permanently inoperable.

Recommendations For TOTOLINK A3002RU version 1.0.8, avoid using the ntpServerIp2 parameter in the affected POST request until the issue is resolved. As a temporary workaround, consider restricting access to the fromNtp function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.