Totolink N350RT Setting cstecgi.cgi access control
CVE-2024-0570

6.9MEDIUM

Key Information:

Vendor

Totolink
Status
N350rt
Vendor
CVE Published:
16 January 2024

What is CVE-2024-0570?

The vulnerability in the Totolink N350RT router specifically affects the Setting Handler component, located in the /cgi-bin/cstecgi.cgi file. It exposes the system to improper access control risks, allowing unauthorized users to manipulate critical functionalities remotely. This security flaw underscores the necessity for immediate software upgrades to safeguard user confidentiality and data integrity. It is essential for administrators to apply the latest patches to mitigate potential exploitation risks associated with this vulnerability.

Affected Version(s)

N350RT 9.3.5u.6265

References

https://vuldb.com/?id.250786
vdb-entry
https://vuldb.com/?ctiid.250786
signaturepermissions-required
https://vuldb.com/?submit.263655
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chun-Li Lin
lin7lic (VulDB User)
lin7lic (VulDB User)
.
CVE-2024-0570 : Totolink N350RT Setting cstecgi.cgi access control