OS Command Injection Vulnerability in TOTOLINK X5000r
CVE-2024-42739

8.8HIGH

Key Information:

Vendor: Totolink
Status: X5000r Firmware
Vendor: CVE Published:; 13 August 2024

Summary

The TOTOLINK X5000r contains an OS command injection vulnerability located in the /cgi-bin/cstecgi.cgi file. This vulnerability affects version v9.1.0cu.2350_b20230313 and allows authenticated attackers to send specially crafted packets. This could enable the execution of arbitrary commands on the device, posing significant risks to the security and operational integrity of the affected systems.

References

https://github.com/HouseFuzz/reports/blob/main/totolink/x...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Aug 5, 2024

Collectors

NVD DatabaseMitre Database