CVE-2018-13316
published 2018-11-27CVE-2018-13316: System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| totolink | a3002ru_firmware | — | — |