CVE-2024-24331 | Totolink A3300R 17.0.0cu.557_B20221024 setWiFiScheduleCfg enable command injection

Posted by Angelo Barbosa | Jan 30, 2024 | CVE

A vulnerability was found in Totolink A3300R 17.0.0cu.557_B20221024. It has been declared as critical. Affected by this vulnerability is the function setWiFiScheduleCfg. The manipulation of the argument enable leads to command injection.

This vulnerability is known as CVE-2024-24331. The attack needs to be initiated within the local network. There is no exploit available.

CVE-2024-24331 | Totolink A3300R 17.0.0cu.557_B20221024 setWiFiScheduleCfg enable command injection

Related Posts

CVE-2024-30248 | piccolo-admin SVG Loader cross site scripting

CVE-2024-34993 | Bulk Export Products to Google Merchant-Google Shopping Module renderCategories sql injection

CVE-2024-36932 | Linux Kernel up to 6.8.9 thermal_debug_cdev_remove use after free (c1279dee3336/d351eb0ab04c)

CVE-2023-45673 | laurent22 joplin up to 2.13.2 code injection (GHSA-g8qx-5vcm-3×59)