PT-2024-34567 · Totolink · Totolink-Cx-N302Re+3
Published: 2024-11-27 · Updated: 2024-11-29
CVE-2024-51228
CVSS v3.1: 6.8 (Medium)
Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TOTOLINK-CX-A3002RU version 1.0.4-B20171106.1512
TOTOLINK-CX-N150RT version 2.1.6-B20171121.1002
TOTOLINK-CX-N300RT versions 2.1.6-B20170724.1420 through 2.1.8-B20191010.1107
TOTOLINK-CX-N302RE version 2.0.2-B20170511.1523
Description
A vulnerability in the TOTOLINK devices listed above allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.
Recommendations
For TOTOLINK-CX-A3002RU version 1.0.4-B20171106.1512, restrict access to the /boafrm/formSysCmd component until a patch is available.
For TOTOLINK-CX-N150RT version 2.1.6-B20171121.1002, restrict access to the /boafrm/formSysCmd component until a patch is available.
For TOTOLINK-CX-N300RT versions 2.1.6-B20170724.1420 through 2.1.8-B20191010.1107, restrict access to the /boafrm/formSysCmd component until a patch is available.
For TOTOLINK-CX-N302RE version 2.0.2-B20170511.1523, restrict access to the /boafrm/formSysCmd component until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
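To check that the access restriction recommended above actually holds, the added example below (not part of the original advisory or of any vendor tooling) scans HTTP request logs for requests to /boafrm/formSysCmd and flags those that come from outside an allowed management range. It assumes traffic to the device is recorded in Common Log Format by a proxy or sensor; the allowed subnet and the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

ENDPOINT = "/boafrm/formsyscmd"  # advisory path, lower-cased for comparison
# Assumption: the only hosts expected to reach the router web UI.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/28")]
# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def normalise(target):
    """Decode a request target to a comparable lower-case path."""
    path = re.sub(r"^https?://[^/]*", "", target, flags=re.I)  # absolute-form
    path = path.split("?", 1)[0]
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    return re.sub(r"/+", "/", path).rstrip("/").lower()

def is_allowed(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(addr in net for net in ALLOWED_NETS)

def find_hits(lines):
    """Return (time, client, method, status, allowed) per request to ENDPOINT."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m and normalise(m.group(4)) == ENDPOINT:
            client, when, method, _, status = m.groups()
            hits.append((when, client, method, int(status), is_allowed(client)))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '192.0.2.5 - admin [27/Nov/2024:10:00:01 +0000] "POST /boafrm/formSysCmd HTTP/1.1" 200 512',
    '198.51.100.23 - - [27/Nov/2024:10:02:13 +0000] "POST /boafrm/%66ormSysCmd HTTP/1.1" 200 498',
    '198.51.100.23 - - [27/Nov/2024:10:02:40 +0000] "GET /index.htm HTTP/1.1" 200 1024',
    '203.0.113.9 - - [27/Nov/2024:10:05:00 +0000] "POST //boafrm//formSysCmd?x=1 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for when, client, method, status, allowed in find_hits(SAMPLE):
        label = "expected source" if allowed else "UNEXPECTED SOURCE"
        print(f"{when} {client} {method} -> {status} [{label}]")
```

The path normalisation is deliberately conservative: it matches encoded and duplicated-slash variants whether or not the device itself would accept them.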
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Totolink-Cx-A3002Ru
Totolink-Cx-N150Rt
Totolink-Cx-N300Rt
Totolink-Cx-N302Re