CVE-2024-32354 | Totolink X5000R 9.1.0cu.2350_B20230313 /cgi-bin/cstecgi.cgi setSSServer timeout command injection

Inserito da Angelo Barbosa | Mag 14, 2024 | CVE

A vulnerability was found in Totolink X5000R 9.1.0cu.2350_B20230313. It has been declared as critical. Affected by this vulnerability is the function setSSServer of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument timeout leads to command injection.

This vulnerability is known as CVE-2024-32354. The attack needs to be initiated within the local network. There is no exploit available.

CVE-2024-32354 | Totolink X5000R 9.1.0cu.2350_B20230313 /cgi-bin/cstecgi.cgi setSSServer timeout command injection

Post correlati

CVE-2024-32718 | Webangon The Pack Elementor Addons Plugin up to 2.0.8.2 on WordPress server-side request forgery

CVE-2024-34455 | Buildroot /dev/shm default permission (0b2967e)

CVE-2024-29154 | danielmiessler fabric up to 1.3.0 index.js htmlToPlainText cross site scripting

CVE-2024-6950 | Prain up to 1.3.0 HTTP POST Request /?import file code injection