PT-2024-27683 · Totolink · Totolink X6000R
Lakemoon602 · Published 2024-06-20 · Updated 2024-07-03 · CVE-2024-37626
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version 1.0.1-B20201211.2000

Description: A command injection issue allows a remote attacker to execute arbitrary code via the iface parameter of the vif enable function. Because the parameter value reaches an OS command without validation, an attacker can inject and execute additional commands, potentially leading to unauthorized access to or control of the device.

Recommendations: For TOTOLINK A6000R version 1.0.1-B20201211.2000, consider disabling the vif enable function until a patch is available, to prevent exploitation of the command injection issue. Restrict access to the iface parameter to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2024-37626

Affected Products: Totolink X6000R