OS Command Injection Vulnerability in TOTOLINK X5000R Router
CVE-2024-57021
9.8CRITICAL
Summary
The TOTOLINK X5000R router is impacted by an OS command injection vulnerability through the 'eHour' parameter in the setWiFiScheduleCfg function. Attackers can exploit this flaw to execute arbitrary OS commands, which could lead to unauthorized access or control over the device. This issue highlights the importance of securing device configurations and monitoring for unusual behaviors in network equipment.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved