Full title: TOTOLINK Wireless Routers Remote Command Execution Exploit 
Category: remote exploits
Platform: hardware
Multiple TOTOLINK network products contain a command injection vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the command parameter. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running - which is typically root.

# 0day.today @ http://0day.today/