TOTOLINK CP450 匿名FTP上传导致RCE漏洞

TOTOLINK CP450 V4.1.0cu.747 配置错误漏洞 漏洞概述 TOTOLINK CP450 V4.1.0cu.747 存在配置错误漏洞，允许匿名 FTP 用户以自动分配的 root 权限上传文件，可能导致设备完全被控制。 影响范围 TOTOLINK CP450 V4.1.0cu.747 修复方案 无 POC代码 ``` a document this to enable any form of FTP write access: write_enable=YES Default umask for local users is 077. You may wish to change this to 022, if your users expect that (022 is used by most other ftpd's) local_umask=0 Uncomment this to allow the anonymous FTP user to upload files. This only has an effect if the above global write enable is activated. Also, you will obviously need to create a directory writable by the FTP user. anon_upload_enable=YES Uncomment this if you want the anonymous FTP user to be able to create new directories. anon_mkdir_write_enable=YES Activate directory messages - messages given to remote users when they go into a certain directory. dirmessage_enable=YES The target log file can be proftpd_logfile, syslog or /dev/stderr. Note that the default format is %t which translates to the date and time when the transaction was completed. xferlog_enable=YES This will enable the use of the FTP protocol for file transfers. Note: If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP protocol for file transfers. If you want to use the FTP protocol for file transfers, you need to enable the FTP protocol in the proftpd.conf file. The default is to use the FTP pro

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

TOTOLINK CP450 匿名FTP上传导致RCE漏洞

目标达成感谢每一位支持者 — 我们达成了 100% 目标！