Totolink N350RT Setting cstecgi.cgi access control
CVE-2024-0570

9.1CRITICAL

Key Information:

Vendor
Totolink
Status
N350rt
Vendor
CVE Published:
16 January 2024

Summary

The vulnerability in the Totolink N350RT router specifically affects the Setting Handler component, located in the /cgi-bin/cstecgi.cgi file. It exposes the system to improper access control risks, allowing unauthorized users to manipulate critical functionalities remotely. This security flaw underscores the necessity for immediate software upgrades to safeguard user confidentiality and data integrity. It is essential for administrators to apply the latest patches to mitigate potential exploitation risks associated with this vulnerability.

Affected Version(s)

N350RT 9.3.5u.6265

References

https://vuldb.com/?id.250786
vdb-entry
https://vuldb.com/?ctiid.250786
signaturepermissions-required
https://vuldb.com/?submit.263655
third-party-advisory

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Chun-Li Lin
lin7lic (VulDB User)
lin7lic (VulDB User)
.