Command Injection Vulnerability in TOTOLINK Outdoor CPE CP450
CVE-2024-34210

7.3HIGH

Key Information:

Vendor: TOTOLINK
Status: Cp450 Firmware
Vendor: CVE Published:; 14 May 2024

Summary

The TOTOLINK Outdoor CPE CP450 contains a vulnerability that allows command injection through the CloudACMunualUpdate function. This issue arises when the FileName parameter is manipulated by an attacker, enabling unauthorized command execution. As a result, the integrity and confidentiality of the device and potentially the network may be compromised. It is essential for users of the affected version to apply necessary security measures and updates to mitigate these risks.

References

https://github.com/n0wstr/IOTVuln/tree/main/CP450/CloudAC...

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024