version:

TOTOLINK X6000R-V9.4.0cu.852_B20230719

Vulnerability Introduction

Command Execution Vulnerability

Firmware download address

<https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html?_JS140.238.14.1=32a3b88fa917c478ff16813b06e93632b1699790448_184814390>

Vulnerability details

In the shttpd file,sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.

Untitled

Untitled

In libcscommon.so

Untitled

Recurring vulnerabilities and POC

Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.