CVE-2024-34204 | Totolink CP450 4.1.0cu.747_B20191224 setUpgradeFW FileName command injection

Posted by Angelo Barbosa | May 9, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Totolink CP450 4.1.0cu.747_B20191224. Affected by this issue is the function setUpgradeFW. The manipulation of the argument FileName leads to command injection.

This vulnerability is handled as CVE-2024-34204. Access to the local network is required for this attack to succeed. There is no exploit available.

CVE-2024-34204 | Totolink CP450 4.1.0cu.747_B20191224 setUpgradeFW FileName command injection

Related Posts

CVE-2023-45929 | S-Lang 2.3.2 fixup_tgetstr memory corruption

CVE-2024-0734 | Smsot up to 2.12 /get.php tid sql injection

CVE-2014-125109 | BestWebSoft Portfolio Plugin up to 2.27 bws_menu/bws_menu.php bws_add_menu_render bwsmn_form_email cross site scripting

CVE-2024-24796 | MagePeople Event Manager and Tickets Selling Plugin for WooCommerce deserialization