version:

TOTOLINK X6000R-V9.4.0cu.852_B20230719

Vulnerability Introduction

Command Execution Vulnerability

Firmware download address

<https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html?_JS140.238.14.1=32a3b88fa917c478ff16813b06e93632b1699790448_184814390>

Vulnerability details

In the shttpd file, sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.

Untitled

In libcscommon.so

Untitled

Recurring vulnerabilities and POC

Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.