TOTOLINK N300RH V4 Unauthenticated Arbitrary File Deletion Vulnerability (CWE-73)

TOTOLINK N300RH V4 Router Arbitrary File Deletion Vulnerability (CVE-73) Vulnerability Overview The web management interface of the TOTOLINK N300RH V4 wireless router contains an External Control of File Name or Path vulnerability (CWE-73). This vulnerability resides in the handler within . Because this handler performs no validation, sanitization, or path restrictions on the attacker-controlled parameter, but instead passes it directly to the function, an attacker can delete arbitrary files on the device's filesystem. Scope of Impact Affected Product: TOTOLINK N300RH V4 Wireless Router Affected Firmware Versions: V6.1c.1353_B20190305 V6.1c.1390_B20191101 Vulnerability Type: External Control of File Name or Path (CWE-73) Attack Vector: Entry Point: Handler Selector: Injection Parameter: Authentication Requirement: Unauthenticated User Interaction: None required Remediation 1. Validate and Sanitize File Paths: Strictly whitelist the parameter, allowing only alphanumeric characters and specific extensions. Reject path traversal sequences (such as ) and ensure the path remains within allowed directories. 2. Use Secure Temporary Files: Use a secure random naming mechanism (such as ) when generating temporary file names, rather than accepting user-supplied file names. 3. Implement Authentication/Authorization: Ensure that sensitive endpoints require proper authentication and that users have the necessary permissions to perform requested file operations. 4. Principle of Least Privilege**: The web server should run with minimal privileges rather than as root, to limit the impact of path traversal attacks. Proof of Concept (POC) Code Example Request (Deleting ) Path Traversal Variant (Deleting ) Vulnerable Code Snippet (Decompiled)

Goal Reached Thanks to every supporter — we hit 100%!

TOTOLINK N300RH V4 Unauthenticated Arbitrary File Deletion Vulnerability (CWE-73)

More from this source