CVE-2024-42737

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000r version 9.1.0cu.2350 b20230313

Description The file /cgi-bin/cstecgi.cgi in TOTOLINK X5000r contains an OS command injection vulnerability in delBlacklist. Authenticated attackers can send malicious packets to execute arbitrary commands.

Recommendations For TOTOLINK X5000r version 9.1.0cu.2350 b20230313, as a temporary workaround, consider disabling the delBlacklist function in the /cgi-bin/cstecgi.cgi file until a patch is available. Restrict access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.