CVE-2024-7181 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 /cgi-bin/cstecgi.cgi setTelnetCfg telnet_enabled command injection

Inserito da Angelo Barbosa | Lug 28, 2024 | CVE

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnet_enabled leads to command injection.

This vulnerability was named CVE-2024-7181. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7181 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 /cgi-bin/cstecgi.cgi setTelnetCfg telnet_enabled command injection

Post correlati

CVE-2024-33327 | Lumisxp 15.0.x/16.1.x UrlAccessibilityEvaluation.jsp contentHtml cross site scripting

CVE-2023-46174 | IBM InfoSphere Information Server 11.7 Web UI cross site scripting (XFDB-269506)

CVE-2024-3281 | HP Poly CCX prior 8.1.3.1301 improper authorization

CVE-2024-44060 | Jennifer Hall Filmix Plugin up to 1.1 on WordPress cross site scripting