CVE-2024-42748 | TOTOLINK X5000r 9.1.0cu.2350_b20230313 /cgi-bin/cstecgi.cgi setWiFiWpsCfg os command injection

Inserito da Angelo Barbosa | Ago 12, 2024 | CVE

A vulnerability classified as critical has been found in TOTOLINK X5000r 9.1.0cu.2350_b20230313. Affected is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection.

This vulnerability is traded as CVE-2024-42748. The attack can only be done within the local network. There is no exploit available.

CVE-2024-42748 | TOTOLINK X5000r 9.1.0cu.2350_b20230313 /cgi-bin/cstecgi.cgi setWiFiWpsCfg os command injection

Post correlati

CVE-2024-28730 | D-Link DWR 2000M 5G VPN Configuration Module cross site scripting

CVE-2024-39474 | Linux Kernel up to 6.1.94/6.6.33/6.9.4 vmalloc __vmalloc_area_node null pointer dereference

CVE-2024-20028 | MediaTek MT8512 Da out-of-bounds write (ALPS08541632)

CVE-2024-49229 | Arif Nezami Better Author Bio Plugin up to 2.7.10.11 on WordPress cross-site request forgery