CVE-2024-0297 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi UploadFirmwareFile FileName os command injection

Posted by Angelo Barbosa | Jan 7, 2024 | CVE

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection.

The identification of this vulnerability is CVE-2024-0297. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0297 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi UploadFirmwareFile FileName os command injection

Related Posts

CVE-2024-42633 | Linksys E1500 1.0.06.001 do_upgrade_post os command injection

CVE-2023-6835 | WSO2 API Manager/IoT Server Forum API Rating input validation

CVE-2024-20377 | Cisco Firepower Management Center up to 7.4.1.1 cross site scripting (cisco-sa-fmc-xss-infodisc-RL4mJFer)

CVE-2024-52055 | Wowza Streaming Engine up to 4.8.27+5 XML File injection