CVE-2018-13311
published 2018-11-26CVE-2018-13311: System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| totolink | a3002ru_firmware | — | — |