CVE-2024-7214 | TOTOLINK LR350 9.3.5u.6369_B20220309 /cgi-bin/cstecgi.cgi setWanCfg hostName command injection

Posted by Angelo Barbosa | Jul 29, 2024 | CVE

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection.

This vulnerability is known as CVE-2024-7214. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7214 | TOTOLINK LR350 9.3.5u.6369_B20220309 /cgi-bin/cstecgi.cgi setWanCfg hostName command injection

Related Posts

CVE-2024-4576 | Tibco EBX up to 9.25 path traversal

CVE-2024-32042 | CyberPower PowerPanel up to 4.9.0 storing passwords in a recoverable format (icsa-24-123-01)

CVE-2023-44254 | Fortinet FortiAnalyzer/FortiManager up to 6.2.12/6.4.14/7.0.12/7.2.4/7.4.0 HTTP Request authorization (FG-IR-23-204)

CVE-2024-8529 | LearnPress Plugin up to 4.2.7 on WordPress c_fields sql injection