Authenticated Remote Command Execution Vulnerability in TOTOLINK X5000R
CVE-2024-32351

8.8HIGH

Key Information:

Vendor: TOTOLINK
Status: X5000r Firmware
Vendor: CVE Published:; 14 May 2024

Summary

The TOTOLINK X5000R has been identified with a vulnerability that allows remote command execution through the exploitation of the 'mru' parameter in the 'cstecgi.cgi' component. An authenticated user can potentially manipulate this parameter leading to unauthorized command execution on the device. This flaw presents a significant risk for network integrity and device security as it could be exploited by malicious actors to gain control over the affected systems.

References

https://www.totolink.net/

https://github.com/1s1and123/Vulnerabilities/blob/main/de...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024