CVE-2024-7160 | TOTOLINK A3700R 9.1.2u.5822_B20200513 /cgi-bin/cstecgi.cgi setWanCfg hostName command injection

Inserito da Angelo Barbosa | Lug 27, 2024 | CVE

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection.

This vulnerability is traded as CVE-2024-7160. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7160 | TOTOLINK A3700R 9.1.2u.5822_B20200513 /cgi-bin/cstecgi.cgi setWanCfg hostName command injection

Post correlati

CVE-2024-31250 | Saumya Majumder WP Server Health Stats Plugin up to 1.7.3 on WordPress cross-site request forgery

CVE-2023-42828 | Apple macOS crontabs Privilege Escalation

CVE-2024-0183 | RRJ Nueva Ecija Engineer Online Portal 1.0 NIA Office /admin/students.php cross site scripting

CVE-2023-52920 | Linux Kernel bpf is_jmp_point comparison (41f6f64e6999)