Command Injection Vulnerability in Totolink EX300_v2 by Totolink
CVE-2021-43664

8.1HIGH

Key Information:

Vendor: Totolink
Status: Ex300 V2 Firmware
Vendor: CVE Published:; 30 March 2022

Summary

The Totolink EX300_v2 device, specifically version V4.0.3c.140_B20210429, contains a command injection vulnerability through the 'process forceugpo' component. This vulnerability allows an attacker to execute arbitrary commands on the affected device, potentially leading to unauthorized access and exploitation. Network administrators should assess their devices against this vulnerability and implement necessary patches or mitigations to ensure device integrity and network security.

References

https://github.com/chibataiki/iot-vuls/blob/main/totolink...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2022
Vulnerability Reserved
Nov 15, 2021