CVE-2024-24328

Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024

Description A command injection issue was found in the setMacFilterRules function due to inadequate neutralization of special elements. This allows a remote attacker to execute arbitrary commands via the enable parameter.

Recommendations For TOTOLINK A3300R version 17.0.0cu.557 B20221024, as a temporary workaround, consider disabling the setMacFilterRules function until a patch is available. Restrict access to the enable parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.