In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-94 | |
Metrics |
ssvc
|
Tue, 13 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Totolink
Totolink x5000r Totolink x5000r Firmware |
|
Weaknesses | CWE-78 | |
CPEs | cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6369_b20230113:*:*:*:*:*:*:* |
|
Vendors & Products |
Totolink
Totolink x5000r Totolink x5000r Firmware |
|
Metrics |
cvssV3_1
|
Tue, 13 Aug 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-13T00:00:00
Updated: 2024-08-14T14:45:59.649Z
Reserved: 2024-08-05T00:00:00
Link: CVE-2024-42739
Vulnrichment
Updated: 2024-08-14T14:45:46.888Z
NVD
Status : Modified
Published: 2024-08-13T14:15:13.940
Modified: 2024-08-14T15:35:13.153
Link: CVE-2024-42739
Redhat
No data.