PT-2024-3339 · Totolink · Totolink Ex1800T
Published 2024-05-08 · Updated 2024-08-01 · CVE-2024-34257
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TOTOLINK EX1800T version 9.1.0cu.2112 B20220316
Description
The device does not neutralize special elements in input that is used to build an operating system command. A remote attacker may exploit this through the apcliEncrypType parameter to execute arbitrary code and elevate privileges. This can lead to unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.
Recommendations
For TOTOLINK EX1800T version 9.1.0cu.2112 B20220316, consider disabling the use of the apcliEncrypType parameter until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Totolink Ex1800T