Command Injection in TOTOLINK A3002RU v1.0.8 via formAliasIp subnet Parameter

Command Injection in TOTOLINK A3002RU v1.0.8 via formAliasIp subnet Parameter

CVE-2018-13316 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.

Learn more about our Web Application Penetration Testing UK.