CVE-2024-27521

Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024

Description The issue allows an attacker to take complete control of the device through an unauthenticated remote command execution via multiple parameters in the setOpModeCfg function. This enables unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges, specifically as the user root.

Recommendations For TOTOLINK A3300R version 17.0.0cu.557 B20221024, as a temporary workaround, consider disabling the setOpModeCfg function until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.