(CVE-2021-35404) Prolink PRC2402M applogin.cgi sys_login1 Authenticated Command Injection Vulnerability
CVE: CVE-2021-35404

Tested Versions: Prolink PRC2402M 20190909

Product URL(s): https://prolink2u.com/

Description of the vulnerability

applogin.cgi performs no checks on the user input it receives before passing it to system(), which allows an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. Authentication is required to exploit this vulnerability.

The router makes GET requests through HTML forms to interact with the CGI scripts....
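A hardened counterpart to the unchecked-input-to-system() pattern described above, as an added example that is not code from this advisory or from the Prolink firmware: a request field is checked against an allowlist and handed to a helper as a single argv element, with no shell involved. The function names, the 32-byte limit and the permitted character set are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check: 1..maxlen bytes drawn only from [A-Za-z0-9._-].
 * Anything a shell would interpret (; | & $ ` quotes, spaces, newlines)
 * is rejected because it is simply not in the permitted set. */
int is_safe_field(const char *s, size_t maxlen)
{
    static const char allowed[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";
    size_t n;

    if (s == NULL)
        return 0;
    n = strlen(s);
    if (n == 0 || n > maxlen)
        return 0;
    if (s[0] == '-')            /* do not let a value be read as an option */
        return 0;
    return strspn(s, allowed) == n;
}

/* Run a helper (hypothetical path supplied by the caller) with the value
 * as one argv element. No shell parses the value as command text.
 * Returns the helper's exit status, or -1 if rejected or on error. */
int run_helper(const char *helper_path, const char *value)
{
    char *const argv[] = { (char *)helper_path, (char *)value, NULL };
    int status;
    pid_t pid;

    if (!is_safe_field(value, 32))
        return -1;              /* rejected before any process is created */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(helper_path, argv);
        _exit(127);             /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Validation and the shell-free exec are independent layers: either one alone prevents the value from being interpreted as command text, and using both keeps the handler safe if one is later weakened.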