漏洞标题
Totolink N200RE V5 cstecgi.cgi 会话过期
漏洞描述信息
以下是翻译后的内容:
在Totolink N200RE V5 9.3.5u.6255_B20211224中发现了一个漏洞。这种漏洞被分类为有问题的。影响到的是文件/cgi-bin/cstecgi.cgi中未知的功能。导致会话过期。可以从远程发起攻击。攻击的复杂性相当高,易于利用。这种漏洞已经公开,可能被利用。为了区分该漏洞,已将其分配了一个ID:VDB-252186。
请注意,供应商在此披露的信息后很快就收到通知,但他们没有作出任何回应。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
漏洞类别
不充分的会话过期机制
漏洞标题
Totolink N200RE V5 cstecgi.cgi session expiration
漏洞描述信息
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
漏洞类别
不充分的会话过期机制
漏洞标题
TOTOLINK N200RE 代码问题漏洞
漏洞描述信息
TOTOLINK N200RE是中国吉翁电子(TOTOLINK)公司的一个路由器。 TOTOLINK N200RE V5 9.3.5u.6255_B20211224版本存在代码问题漏洞。攻击者利用该漏洞导致会话过期。
CVSS信息
N/A
漏洞类别
代码问题