CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-43711

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.2

EPSS Ranking 95.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/doudoudedi/ToTolink_EX200_Cmmand_Execute/blob/main/ToTolink%20EX200%20Comand%20Injection2.md
https://github.com/doudoudedi/ToTolink_EX200_Cmmand_Execute/blob/main/ToTolink%20EX200%20Comand%20Injection2.md

Products affected by CVE-2021-43711

Totolink » Ex200 » Version: N/A

cpe:2.3:h:totolink:ex200:-
Totolink » Ex200 Firmware » Version: 4.0.3c.7646_b20201211

cpe:2.3:o:totolink:ex200_firmware:4.0.3c.7646_b20201211

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43711

Products

Pricing

Contact Us