Remote Code Execution Vulnerability in TOTOLINK Networking Products
CVE-2024-51228

Currently unrated

Key Information:

Vendor: TOTOLINK
Status: TOTOLINK CX Series Routers
Vendor: CVE Published:; 27 November 2024

Summary

An issue in certain TOTOLINK networking products enables remote attackers to execute arbitrary code through the /boafrm/formSysCmd component. This vulnerability affects multiple versions of the CX series routers and can lead to serious security breaches if exploited, allowing unauthorized access and control over the affected devices.

References

https://www.totolink.tw/products_view/N302RE

https://www.totolink.tw/products_view/N300RT

https://totolink.tw/support_view/A3002RU

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 27, 2024