A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection.

The identification of this vulnerability is CVE-2024-1781. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.