Command Injection Vulnerability in Totolink EX300_v2 Router
CVE-2021-43663

7.5HIGH

Key Information:

Vendor: Totolink
Status: Ex300 V2 Firmware
Vendor: CVE Published:; 31 March 2022

Summary

A command injection vulnerability has been identified in the Totolink EX300_v2 router, specifically in the cloudupdate_check component. This flaw may allow an attacker to execute arbitrary commands on the device, potentially compromising its security and integrity. Users of the affected version are encouraged to apply necessary patches to mitigate the risks associated with this vulnerability.

References

https://github.com/chibataiki/iot-vuls/blob/main/totolink...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2022
Vulnerability Reserved
Nov 15, 2021