CVE-2024-23060 | Totolink A3300R 17.0.0cu.557_B20221024 setDmzCfg ip command injection

Posted by Angelo Barbosa | Jan 11, 2024 | CVE

A vulnerability, which was classified as critical, was found in Totolink A3300R 17.0.0cu.557_B20221024. Affected is the function setDmzCfg. The manipulation of the argument ip leads to command injection.

This vulnerability is traded as CVE-2024-23060. The attack needs to be initiated within the local network. There is no exploit available.

CVE-2024-23060 | Totolink A3300R 17.0.0cu.557_B20221024 setDmzCfg ip command injection

Related Posts

CVE-2021-47068 | Linux Kernel up to 5.12.3 nfc llcp_sock_connect use after free

CVE-2024-26648 | Linux Kernel up to 6.6.14/6.7.2 display edp_setup_replay null pointer dereference (22ae604aea14/c02d257c6541/7073934f5d73)

CVE-2024-37992 | Siemens SIMATIC Reader RF610R CMIIT up to 4.1 SNMP improper check or handling of exceptional conditions (ssa-765405)

CVE-2024-23208 | Apple iOS/iPadOS memory corruption