mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-05 18:27:13 +00:00
TOTOLINK routers remote command injection vulnerabilities (CVE-2020-25499)
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
FOFA query rule: (body="/boafrm/formLogin" && body="dw(password_warning)")
Demo
