Command Injection in formDlna in TOTOLINK A3002RU v1.0.8 via ftpUser POST Parameter
CVE-2018-13306 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.
Learn more about our User Device Pen Test.