OS Command Injection Vulnerability in TOTOLINK X5000r from TOTOLINK
CVE-2024-42737
8.8HIGH
What is CVE-2024-42737?
The TOTOLINK X5000r router has a significant OS command injection vulnerability located in the delBlacklist endpoint of its CGI script. This vulnerability allows authenticated attackers to exploit the flaw by sending crafted packets that can execute arbitrary commands on the underlying operating system. As a result, the integrity and confidentiality of the device and network may be severely compromised. Users of affected firmware versions should take immediate action to mitigate potential risks.
