CVE-2024-35397 | Totolink CP900L 4.1.5cu.798_B20221228 Request NTPSyncWithHost hostTime command injection

Inserito da Angelo Barbosa | Mag 28, 2024 | CVE

A vulnerability has been found in Totolink CP900L 4.1.5cu.798_B20221228 and classified as critical. Affected by this vulnerability is the function NTPSyncWithHost of the component Request Handler. The manipulation of the argument hostTime leads to command injection.

This vulnerability is known as CVE-2024-35397. The attack can be launched remotely. There is no exploit available.

CVE-2024-35397 | Totolink CP900L 4.1.5cu.798_B20221228 Request NTPSyncWithHost hostTime command injection

Post correlati

CVE-2024-45007 | Linux Kernel up to 5.15.165/6.1.106/6.6.47/6.10.6 xillybus destroy_workqueue Privilege Escalation

CVE-2024-30038 | Microsoft Windows up to Server 2022 23H2 Win32k heap-based overflow

CVE-2024-28583 | FreeImage 3.19.0 r1909 XPM Image readLine buffer overflow

CVE-2024-30410 | Juniper Junos OS up to 20.4R3-S1/21.2R3-S6/21.4R3-S5 on EX4300 IPv6 Firewall Filter incorrect behavior order (JSA79100)