CVE-2021-27708 Information
Jun 07, 2022
cve
Description
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102 and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc’s system function with untrusted input. In the function ## CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://hackmd.io/7FtB06f-SJ-SCfkMYcXYxA https://hackmd.io/mDgIBvoxSPCZrZiZjfQGhw
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: