Command Injection Vulnerability in TOTOLINK X5000R Router
CVE-2024-32355
8 HIGH
Summary
The TOTOLINK X5000R router is vulnerable to command injection through the 'password' parameter of the setSSServer function. The device fails to sanitize this input, so an attacker can send a crafted value that leads to unauthorized command execution. This puts the integrity and security of the router and connected devices at risk, so users should address the issue promptly.
References
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published