Command Injection Vulnerability in TOTOLINK A6000R Router
CVE-2024-57213
Currently unrated
Summary
The TOTOLINK A6000R router is vulnerable to a command injection flaw that arises from improper handling of the newpasswd parameter within the action_passwd function. This vulnerability enables attackers to execute arbitrary commands on the device, potentially leading to a full compromise of the router's functionality and security. To mitigate this risk, users are advised to update to the latest firmware version and implement secure password practices.
References
EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
Vulnerability published