CVE-2024-24327 | Totolink A3300R 17.0.0cu.557_B20221024 setIpv6Cfg pppoePass command injection

Posted by Angelo Barbosa | Jan 30, 2024 | CVE

A vulnerability has been found in Totolink A3300R 17.0.0cu.557_B20221024 and classified as critical. This vulnerability affects the function setIpv6Cfg. The manipulation of the argument pppoePass leads to command injection.

This vulnerability was named CVE-2024-24327. The attack can only be done within the local network. There is no exploit available.

CVE-2024-24327 | Totolink A3300R 17.0.0cu.557_B20221024 setIpv6Cfg pppoePass command injection

Related Posts

CVE-2023-7185 | 7-card Fakabao up to 1.0_build20230805 shop/wxpay_notify.php out_trade_no sql injection

CVE-2023-48369 | Mattermost up to 7.8.12/8.1.3/9.0.1/9.1.0 Log resource consumption

VDB-264458 | TrojanSpy.Win64.EMOTET.A CRYPTBASE.dll uncontrolled search path

CVE-2024-36994 | Splunk Enterprise/Cloud Platform Web Bulletin Message cross site scripting (SVD-2024-0714)