Vulnerability found in A1 treadmill.

Internal ID
KS-2024-223

Release date
2024-01-19

CVSS score
3 (Low risk)

End date
2024-01-19

Update date
2024-01-19

Description and impact

A vulnerability was discovered in the management interface that could allow command injection because input parameters are improperly filtered. The defect stems from insufficient sanitization of user-provided data passed to certain interfaces in the router's web management panel. An attacker who can log in to the panel can exploit the vulnerability by sending carefully crafted parameter values, leading to arbitrary code execution.
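The advisory does not publish the affected endpoint or parameter, so the following is an added illustration (not KingSmith's code) of the defect class it describes: a hypothetical diagnostic endpoint that takes a hostname parameter and passes it to a system command. The vulnerable handler splices the parameter into a shell string; the hardened handler validates it against an allowlist and passes it as a separate argv element with no shell. `echo` stands in for the real diagnostic tool so the example runs offline, and the crafted parameter value is a harmless constructed sample.

```python
import re
import subprocess

# Constructed allowlist for a hostname parameter: letters, digits, dots and
# hyphens only, which excludes every shell metacharacter.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def run_diagnostic_unsafe(host: str) -> str:
    """Vulnerable pattern (hypothetical handler): the untrusted parameter is
    interpolated into a command string that /bin/sh parses, so ';', '|', '`'
    and similar characters in `host` become shell syntax."""
    cmd = f"echo pinging {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def is_valid_hostname(host: str) -> bool:
    """Allowlist check used by the hardened handler."""
    return HOSTNAME_RE.fullmatch(host) is not None


def validate_hostname(host: str) -> str:
    """Reject any parameter value that is not a plain hostname."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname parameter: {host!r}")
    return host


def run_diagnostic_safe(host: str) -> str:
    """Hardened pattern: validate first, then hand the value to the program as
    one argv element with shell=False, so it is never parsed as shell syntax."""
    host = validate_hostname(host)
    argv = ["echo", "pinging", host]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_diagnostic_argv_only(host: str) -> str:
    """Defense-in-depth check: even with validation omitted, an argv list keeps
    metacharacters as literal text inside a single argument."""
    return subprocess.run(["echo", "pinging", host], capture_output=True, text=True).stdout


if __name__ == "__main__":
    benign = "device.local"
    crafted = "device.local; echo INJECTED"  # constructed, harmless sample value
    print("unsafe, benign :", run_diagnostic_unsafe(benign).rstrip())
    print("unsafe, crafted:", run_diagnostic_unsafe(crafted).rstrip())
    print("argv only      :", run_diagnostic_argv_only(crafted).rstrip())
    try:
        run_diagnostic_safe(crafted)
    except ValueError as err:
        print("safe, crafted  : rejected ->", err)
    print("safe, benign   :", run_diagnostic_safe(benign).rstrip())
```

The two layers are independent: the allowlist stops unexpected values at the interface boundary (which also gives you a clean log line to alert on), and the argv form removes the shell parser entirely, so a validation gap elsewhere cannot turn a parameter into a second command.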

Affected scope and mitigation

Affected versions
Versions before 2023-2

Affected products
Multiple devices

Fixed version
Versions after 2023-2

Acknowledgement

The KingSmith Security Center sincerely thanks the Julien R. team! We also welcome more outstanding professional security experts and security teams to join the KingSmith Security Center and jointly safeguard the secure access of millions of KingSmith users worldwide.

Revision

Created on March 1, 2023

CVSS level determination

The CVSS scoring system includes three metric groups: base metrics, temporal metrics, and environmental metrics. Base metrics cover factors such as the vulnerability's attack vector, attack complexity, authentication requirements, impact scope, and impact level. Temporal metrics cover factors such as the availability of an exploit and changes in attack complexity over time. Environmental metrics cover factors such as the vulnerability's special requirements on the system environment. The CVSS scoring system combines base, temporal, and environmental metrics to generate a score from 0 to 10 that describes the severity of the vulnerability; the higher the score, the more severe the vulnerability. Specifically, the CVSS scoring system categorizes vulnerabilities into four levels: low risk (score 0.0~3.9), medium risk (score 4.0~6.9), high risk (score 7.0~8.9), and critical risk (score 9.0~10.0).

Disclaimer

KingSmith welcomes security experts and research teams to join our vulnerability disclosure program. KingSmith is committed to taking responsibility for the security of our global users, allowing them to enjoy a secure and reliable smart life.
For the security vulnerabilities disclosed on this page, KingSmith makes no warranty or guarantee of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose, or non-infringement. You understand that the vulnerability disclosure information is provided for reference only, to help you assess security risks and make appropriate decisions. In no case shall KingSmith be liable for any damages arising from your use of this document, including direct, indirect, incidental, consequential, or special damages or loss of business profits.