CVE-2024-7158 | TOTOLINK A3100R 4.1.2cu.5050_B20200504 HTTP POST Request /cgi-bin/cstecgi.cgi setTelnetCfg telnet_enabled command injection

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnet_enabled leads to command injection.

This vulnerability was named CVE-2024-7158. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7158 | TOTOLINK A3100R 4.1.2cu.5050_B20200504 HTTP POST Request /cgi-bin/cstecgi.cgi setTelnetCfg telnet_enabled command injection

Related Posts

CVE-2024-36060 | EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 os command injection

CVE-2024-22241 | VMware Aria Operations for Networks prior 6.12 cross site scripting (VMSA-2024-0002)

CVE-2023-35636 | Microsoft information disclosure

CVE-2024-6933 | LimeSurvey 6.5.14-240624 Survey General Settings actionUpdateSurveyLocaleSettingsGeneralSettings language sql injection