CVE-2024-32353 | Totolink X5000R 9.1.0cu.2350_B20230313 /cgi-bin/cstecgi.cgi setSSServer port command injection

Posted by Angelo Barbosa | May 14, 2024 | CVE

A vulnerability was found in Totolink X5000R 9.1.0cu.2350_B20230313. It has been classified as critical. Affected is the function setSSServer of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument port leads to command injection.

This vulnerability is traded as CVE-2024-32353. The attack needs to be done within the local network. There is no exploit available.

CVE-2024-32353 | Totolink X5000R 9.1.0cu.2350_B20230313 /cgi-bin/cstecgi.cgi setSSServer port command injection

Related Posts

CVE-2024-7524 | Mozilla Firefox up to 128 Content Security Policy cross site scripting

CVE-2024-39403 | Adobe Commerce/Magento Open Source up to 2.4.4-p9/2.4.5-p8/2.4.6-p6/2.4.7-p1 cross site scripting (apsb24-61)

CVE-2024-43410 | Eugeny russh up to 0.44.0 allocation of resources

CVE-2024-26144 | Ruby on Rails up to 6.1.7.6/7.0.8.0 Active Storage information disclosure (GHSA-8h22-8cf7-hq6g)