CVE-2018-13314 β OS Command Injection in A3002ru Firmware
Severity
9.8CRITICALNVD
EPSS
15.3%
top 5.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 27
Latest updateMay 13
Description
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9