CVE-2024-42737 | TOTOLINK X5000r 9.1.0cu.2350_b20230313 /cgi-bin/cstecgi.cgi delBlacklist os command injection

Posted by Angelo Barbosa | Aug 13, 2024 | CVE

A vulnerability classified as critical has been found in TOTOLINK X5000r 9.1.0cu.2350_b20230313. Affected is the function delBlacklist of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection.

This vulnerability is traded as CVE-2024-42737. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-42737 | TOTOLINK X5000r 9.1.0cu.2350_b20230313 /cgi-bin/cstecgi.cgi delBlacklist os command injection

Related Posts

CVE-2023-46942 | evershop up to 1.0.0-rc.7 GraphQL Endpoint information disclosure

CVE-2024-29385 | D-Link DIR-845L up to 1.01KRb03 soapcgi_main improper authentication

CVE-2023-50120 | GPAC 2.3-DEV-rev636-gfbd7e13aa-master MP4Box media_tools/av_parsers.c av1_uvlc infinite loop

CVE-2024-33932 | Vinod Dalvi Login Logout Register Menu Plugin up to 2.0 on WordPress cross site scripting