Authenticated Remote Command Execution Vulnerability in TOTOLINK X5000R
CVE-2024-32349

6MEDIUM

Key Information:

Vendor: TOTOLINK
Status: X5000r Firmware
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-32349?

An authenticated remote command execution vulnerability exists in the TOTOLINK X5000R router. The issue is triggered through manipulation of the 'mtu' parameters within the 'cstecgi.cgi' binary, which allows an attacker to execute arbitrary commands on the device. Due to the nature of this vulnerability, it necessitates the attacker to have valid authentication credentials, complicating unauthorized exploitation. However, once these credentials are compromised, the potential for malicious activities increases significantly, placing users' networks at risk. Organizations relying on affected versions of TOTOLINK's X5000R router are recommended to review their network security practices and apply any patches or updates provided by the vendor.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.totolink.net/

https://github.com/1s1and123/Vulnerabilities/blob/main/de...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024

JSON

TOTOLINK

What is CVE-2024-32349?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.