TOTOLink Router - Remote Command Execution

Short Info

Level

Critical

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

2 weeks 17 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

TOTOLink routers are vulnerable to unauthenticated remote command execution via the /boaform/formWsc endpoint. An attacker can inject OS commands through the localPin parameter.

References:

https://github.com/fizz-is-on-the-way/Iot_vuls/blob/main/N150RT/RCE_formWsc/README.md

Get started to protecting your digital assets

Start trial See the plans

TOTOLink Router - Remote Command Execution

Short Info

-

Detail

Category