Command Execution Vulnerability in TOTOLINK X6000R Router Software
CVE-2024-52723

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: X6000r Firmware
Vendor: CVE Published:; 22 November 2024

Summary

An inherent vulnerability in the TOTOLINK X6000R router's software is identified as a flaw in the shttpd file, where the Uci_Set Str function is inadequately protected by parameter filtering. This oversight enables attackers to craft and submit malicious payloads, which can lead to arbitrary command execution. As a result, unauthorized users may gain control over the affected router's functionalities, posing a significant threat to network security and data integrity.

References

http://x6000r.com

https://gist.github.com/M4rg4tr01d/e84f8ed8dc27960d7c56ad...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024

Collectors

NVD Database