CVE-2024-9001 | TOTOLINK T10 4.1.8cu.5207 /cgi-bin/cstecgi.cgi setTracerouteCfg command os command injection

Posted by Angelo Barbosa | Sep 19, 2024 | CVE

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection.

This vulnerability was named CVE-2024-9001. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-9001 | TOTOLINK T10 4.1.8cu.5207 /cgi-bin/cstecgi.cgi setTracerouteCfg command os command injection

Related Posts

CVE-2024-24818 | EspoCRM up to 8.1.1 Password Change Page external reference

CVE-2024-36542 | kuma 2.7.0 permission

CVE-2024-27202 | F5 BIG-IP up to 15.1.1.0/16.1.4/17.1.1 Configuration utility cross site scripting (K000138520)

CVE-2024-20327 | Cisco IOS XR on ASR 9000 PPPoE denial of service (cisco-sa-iosxr-pppma-JKWFgneW)