CVE-2024-7158 | TOTOLINK A3100R 4.1.2cu.5050_B20200504 HTTP POST Request /cgi-bin/cstecgi.cgi setTelnetCfg telnet_enabled command injection

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnet_enabled leads to command injection.

This vulnerability was named CVE-2024-7158. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7158 | TOTOLINK A3100R 4.1.2cu.5050_B20200504 HTTP POST Request /cgi-bin/cstecgi.cgi setTelnetCfg telnet_enabled command injection

Related Posts

CVE-2024-27997 | Visualcomposer Visual Composer Website Builder Plugin up to 45.6.0 on WordPress cross site scripting

CVE-2024-29824 | Ivanti Endpoint Manager RecordGoodApp sql injection

CVE-2024-46077 | itsourcecode Online Tours and Travels Management System 1.0 travellers.php cross site scripting

CVE-2024-26982 | Linux Kernel up to 6.8.7/6.9-rc4 Squashfs fill_meta_index out-of-bounds (7def00ebc9f2/9253c54e01b6)