OS Command Injection
The
vulnerability is caused by missing input validation in the wan_hostname
parameter and can be exploited to inject and execute arbitrary shell
commands. With wget it is possible to upload and execute a backdoor to
compromise the device.
You need to be authenticated to the device or you have to find other methods for inserting the malicious commands.
link here
留言
張貼留言