CVE-2024-7215 | TOTOLINK LR1200 9.3.1cu.2832 /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time command injection

Inserito da Angelo Barbosa | Lug 29, 2024 | CVE

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to command injection.

This vulnerability is handled as CVE-2024-7215. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7215 | TOTOLINK LR1200 9.3.1cu.2832 /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time command injection

Post correlati

CVE-2023-6836 | WSO2 API Manager xml external entity reference

CVE-2024-39912 | web-auth webauthn-framework up to 4.8.x ProfileBasedRequestOptionsBuilder observable response discrepancy

CVE-2023-52657 | Linux Kernel up to 6.1.80/6.6.20/6.7.8 drm denial of service

CVE-2024-23877 | Cups Easy 1.0 URL currencycreate.php cross site scripting