Remote Command Injection Vulnerability in TOTOLINK EX1200T by TOTOLINK
CVE-2021-42875

9.8CRITICAL

Key Information:

Vendor
Totolink
Status
Ex1200t Firmware
Vendor
CVE Published:
2 June 2022

Summary

The TOTOLINK EX1200T version V4.1.2cu.5215 is susceptible to a remote command injection vulnerability within the setDiagnosisCfg function of the system.so module. This flaw can potentially allow an attacker to manipulate the device's ipDoamin settings. Successful exploitation of this vulnerability may lead to unauthorized control over the device, raising significant security concerns for users relying on the affected networking hardware.

References

http://ex1200t.com
x_refsource_MISC
http://totolink.net
x_refsource_MISC
https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_i...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.