CVE-2024-41315 | TOTOLINK A6000R 1.0.1-B20201211.2000 apcli_do_enr_pin_wps ifname command injection

Inserito da Angelo Barbosa | Lug 22, 2024 | CVE

A vulnerability was found in TOTOLINK A6000R 1.0.1-B20201211.2000. It has been classified as critical. This affects the function apcli_do_enr_pin_wps. The manipulation of the argument ifname leads to command injection.

This vulnerability is uniquely identified as CVE-2024-41315. Access to the local network is required for this attack to succeed. There is no exploit available.

CVE-2024-41315 | TOTOLINK A6000R 1.0.1-B20201211.2000 apcli_do_enr_pin_wps ifname command injection

Post correlati

CVE-2024-41037 | Linux Kernel up to 6.6.40/6.9.9 ASoC hw_params_upon_resume null pointer dereference (8246bbf818ed/993af0f2d9f2/9065693dcc13)

CVE-2024-33820 | Totolink AC1200 4.0.0-B20230531.1404 formWlEncrypt wlan_ssid buffer overflow

CVE-2024-6410 | ProfileGrid Plugin up to 5.8.9 on WordPress resource injection

CVE-2023-43628 | GPSd 3.25.1~dev NTRIP Stream Parser integer underflow (TALOS-2023-1860)