CVE-2024-0292 | Totolink LR1200GB 9.1.0u.6619_B20230130 /cgi-bin/cstecgi.cgi setOpModeCfg hostName os command injection

Inserito da Angelo Barbosa | Gen 7, 2024 | CVE

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection.

This vulnerability is traded as CVE-2024-0292. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0292 | Totolink LR1200GB 9.1.0u.6619_B20230130 /cgi-bin/cstecgi.cgi setOpModeCfg hostName os command injection

Post correlati

CVE-2022-48640 | Linux Kernel up to 5.15.70/5.19.11/6.0 Virtual Address bond_rr_gen_slave_id null pointer dereference (ec3a6f4ffe55/2c8e8ab53acf/0e400d602f46)

CVE-2024-23904 | Log Command Plugin up to 1.0.2 on Jenkins args4j command path traversal

CVE-2024-4924 | Social Sharing Plugin up to 3.3.62 on WordPress Setting cross site scripting

CVE-2023-41092 | Intel Stratix/Agilex up to 23.2 on Intel SDM Firmware return value (intel-sa-01007)