PT-2022-11732 · Totolink · Totolink Ex1200T
Published: 2022-06-03 · Updated: 2023-08-08 · CVE-2021-42888
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TOTOLINK EX1200T version 4.1.2cu.5215
Description
The issue is a remote command injection vulnerability in the setLanguageCfg function of the global.so file. An attacker who controls the langType variable can use it to launch an attack.
Recommendations
For TOTOLINK EX1200T version 4.1.2cu.5215, consider disabling the setLanguageCfg function until a patch is available to prevent exploitation. Restrict access to the global.so file to minimize the risk of attack. Avoid using the langType variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Totolink Ex1200T