CVE-2024-32353 | Totolink X5000R 9.1.0cu.2350_B20230313 /cgi-bin/cstecgi.cgi setSSServer port command injection

Posted by Angelo Barbosa | May 14, 2024 | CVE

A vulnerability was found in Totolink X5000R 9.1.0cu.2350_B20230313. It has been classified as critical. Affected is the function setSSServer of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument port leads to command injection.

This vulnerability is traded as CVE-2024-32353. The attack needs to be done within the local network. There is no exploit available.

CVE-2024-32353 | Totolink X5000R 9.1.0cu.2350_B20230313 /cgi-bin/cstecgi.cgi setSSServer port command injection

Related Posts

CVE-2024-7843 | SourceCodester Online Graduate Tracer System 1.0 exportcs.php information disclosure

CVE-2024-31086 | Venugopal Change default login logo, url and title Plugin up to 2.0 on WordPress cross-site request forgery

CVE-2024-22212 | NextCloud Global Site Selector up to 1.4.0/2.1.1/2.3.3/2.4.4 authentication bypass (GHSA-vj5q-f63m-wp77)

CVE-2024-35671 | Minoji MJ Update History Plugin up to 1.0.4 on WordPress authorization