System Command Injection Vulnerability in TOTOLINK A3002RU by TOTOLINK
CVE-2018-13307
9.8CRITICAL
What is CVE-2018-13307?
The TOTOLINK A3002RU version 1.0.8 is susceptible to a system command injection vulnerability within the fromNtp function. Attackers can exploit this flaw by crafting malicious payloads through the 'ntpServerIp2' POST parameter, allowing them to execute arbitrary system commands. This can lead to significant security breaches, including complete loss of device functionality, effectively rendering the device inoperable.
