CVE-2023-3991 Information

Description

An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.

Reference

https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html