Remote Code Execution in TOTOLINK A3002R Router
CVE-2024-54907

8.8HIGH

Key Information:

Vendor: TOTOLINK
Status: A3002r Firmware
Vendor: CVE Published:; 26 December 2024

What is CVE-2024-54907?

The TOTOLINK A3002R router has been identified as having a vulnerability that allows for remote code execution. This issue manifests through the /bin/boa component, specifically when using formWsc. As a result, an attacker can execute arbitrary code on the device without prior authentication. Users of the affected version of the A3002R should take immediate steps to safeguard their networks, such as applying available patches, disabling unused services, and considering additional security measures to prevent unauthorized access.

References

https://github.com/MnrikSrins/totolink_A3002R_RCE

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2024
Vulnerability Reserved
Dec 6, 2024