Vulnerability Details CVE-2021-46007
totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.094
EPSS Ranking 92.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2021-46007
-
cpe:2.3:h:totolink:ar3100r:-
-
cpe:2.3:o:totolink:ar3100r_firmware:5.9c.4577