Access Control Vulnerability in TOTOLINK Router
CVE-2024-42966
What is CVE-2024-42966?
The vulnerability in the TOTOLINK N350RT router relates to improper access controls within its firmware, specifically version V9.3.5u.6139_B20201216. An attacker can exploit this weakness by sending a specially crafted request to the '/cgi-bin/ExportSettings.sh' endpoint, allowing them to access the sensitive apmib configuration file. This configuration file contains critical information, including user credentials, which can lead to further exploitation of the device and the network it connects to. Organizations should take preventive measures to secure their devices against this type of access control flaw to protect sensitive information from unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Timeline
Vulnerability published
