CVE-2020-27368 PoC: TotoLink A702r Access Control Error Vulnerability

Source
Associated Vulnerability
Title: TotoLink A702r Access Control Error Vulnerability (CVE-2020-27368)
Description: Directory Indexing in Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access /icons/ directories via GET Parameter.
Description
TOTOLINK-A702R-V1.0.0-B20161227.1023 Directory Indexing Vulnerability
Readme
# CVE-2020-27368
TOTOLINK-A702R-V1.0.0-B20161227.1023 Directory Indexing Vulnerability
## Description
Directory Indexing in Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access /icons/ directories via GET Parameter.
## Additional Information
Remediation: disable directory listing on the web server.
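One way to verify the remediation is to classify the response for the `/icons/` path as a directory index or not. This is an added example, not code from the original README or from TOTOLINK. The marker strings follow common auto-index page layouts and are an assumption, since the page does not show the router's listing format, and the sample responses are constructed.

```python
import re
from html.parser import HTMLParser

class _IndexProbe(HTMLParser):
    """Collects heading text (<title>, <h1>, <h2>) and link targets."""
    def __init__(self):
        super().__init__()
        self.headings, self.hrefs, self._capture = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag in ("title", "h1", "h2"):
            self._capture = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

    def handle_endtag(self, tag):
        if tag in ("title", "h1", "h2"):
            self._capture = False

    def handle_data(self, data):
        if self._capture:
            self.headings.append(data.strip())

# Assumed markers: headings used by common auto-generated index pages.
_HEADING = re.compile(r"(?i)(index of|directory listing (for|of))\s+/")

def is_directory_listing(status, body):
    """True if an HTTP response looks like an auto-generated directory index."""
    if status != 200:
        return False  # 403/404 is what a server with listing disabled returns
    probe = _IndexProbe()
    probe.feed(body)
    titled = any(_HEADING.match(h) for h in probe.headings)
    # A heading alone is not enough: require at least one listed relative entry.
    entries = [h for h in probe.hrefs
               if not h.startswith(("?", "#", "http")) and h not in ("../", "..", "/")]
    return titled and bool(entries)

# Constructed sample responses (not captured from a device).
BEFORE = ('<html><head><title>Index of /icons/</title></head><body>'
          '<h1>Index of /icons/</h1><pre><a href="../">../</a>\n'
          '<a href="a.gif">a.gif</a>\n</pre></body></html>')
AFTER = ('<html><head><title>403 Forbidden</title></head>'
         '<body><h1>Forbidden</h1></body></html>')
LOGIN = ('<html><head><title>Login</title></head>'
         '<body><a href="login.cgi">Login</a></body></html>')

if __name__ == "__main__":
    for name, status, body in (("before", 200, BEFORE), ("after", 403, AFTER), ("login", 200, LOGIN)):
        print(name, is_directory_listing(status, body))
```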
## VulnerabilityType
Directory Indexing
## Vendor of Product
TOTOLINK
## Affected Product Code Base
TOTOLINK-A702R-V1.0.0-B20161227.1023 - Model No. A702R (Firmware V1.0.0)
## Affected Component
Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023.
## Attack Type
Local
## Impact Information Disclosure
true
## Discoverer
Jiraput Thamsongkrah
## Proof of Concept
![Alt text](https://github.com/swzhouu/CVE-2020-27368/blob/main/TOTOLINK-A702R-V1.0.0-B20161227.1023%20Directory%20Indexing%20Vulnerability.png)