PT-2024-25741 · Totolink · Totolink Outdoor Cpe Cp450

Published

2024-05-09

Updated

2024-07-03

CVE-2024-34206

Report an issue

CVSS v3.1

6.5

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions:

TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224

Description:

A command injection issue was found in the setWebWlanIdx function via the `webWlanIdx` parameter.

Recommendations:

For version 4.1.0cu.747 B20191224, consider disabling the `setWebWlanIdx` function until a patch is available to prevent potential exploitation via the `webWlanIdx` parameter.

Exploit

Fix

Command Injection

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2025-05842

CVE-2024-34206

Affected Products

Totolink Outdoor Cpe Cp450

PT-2024-25741 · Totolink · Totolink Outdoor Cpe Cp450

Weakness Enumeration

Related Identifiers

Affected Products

References · 4