Command Injection Vulnerability in TOTOLINK A6000R Router
CVE-2024-57211

8HIGH

Key Information:

Vendor: TOTOLINK
Vendor: CVE Published:; 10 January 2025

Summary

The TOTOLINK A6000R router has been identified to have a command injection vulnerability through the modifyOne parameter in its enable_wsh function. This vulnerability allows an attacker to execute arbitrary commands on the device, potentially compromising its integrity and exposing sensitive data. Immediate action is recommended to mitigate any risks associated with this security flaw.

References

https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A60...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2025