CVE-2024-7160 | TOTOLINK A3700R 9.1.2u.5822_B20200513 /cgi-bin/cstecgi.cgi setWanCfg hostName command injection

Inserito da Angelo Barbosa | Lug 27, 2024 | CVE

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection.

This vulnerability is traded as CVE-2024-7160. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7160 | TOTOLINK A3700R 9.1.2u.5822_B20200513 /cgi-bin/cstecgi.cgi setWanCfg hostName command injection

Post correlati

CVE-2024-32045 | Mattermost up to 8.1.12/9.5.3/9.6.1 Team Membership access control

CVE-2023-49468 | strukturag Libde265 1.0.14 Global Buffer slice.cc read_coding_unit buffer overflow (Issue 432)

CVE-2024-7906 | DedeBIZ 6.3.0 Attachment Settings select_images_post.php get_mime_type upload unrestricted upload

CVE-2024-1920 | osuuu LightPicture up to 1.2.2 TokenVerify.php handle hard-coded key