PT-2024-35418 · Totolink · Totolink X6000R

M4Rg4Tr01D · Published 2024-11-22 · Updated 2024-12-16 · CVE-2024-52723

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.1041 B20240224

Description: The vulnerability lies in the shttpd binary, where the Uci Set function uses request parameters without strict filtering. An attacker can craft a request whose parameter values are passed unvalidated into the command that shttpd builds, achieving arbitrary command execution on the device. Per the CVSS vector, the attack is network-reachable and requires neither authentication nor user interaction.

Recommendations: Until the vendor ships patched firmware for TOTOLINK X6000R version 9.4.0cu.1041 B20240224, disable the Uci Set function where the deployment allows it, and restrict access to the shttpd web interface to trusted hosts on the LAN (in particular, do not expose the management interface to the WAN). Because the vulnerable handler needs no credentials, network-level restriction of who can reach shttpd is the main compensating control.
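The pattern described above, as an added example that is not shttpd's or TOTOLINK's code: a hypothetical router handler that splices a request parameter into a `uci set` shell command (the vulnerable shape), beside a hardened variant that allowlists the key and value and executes `/sbin/uci` via an argv with no shell involved. The option name, the allowlists and the length limits are assumptions for illustration, not details taken from the advisory.

```c
#include <stdio.h>
#include <string.h>

/* --- Vulnerable pattern ---------------------------------------------------
 * A request parameter is spliced into a shell command line that would be
 * handed to system(). The single quotes give a false sense of safety: a value
 * that closes the quote (x'; reboot; ') runs whatever follows.
 * This function only builds the string and never calls system(), so the
 * example is safe to run. Returns the length written, or -1 on truncation. */
int build_uci_cmd_unsafe(const char *key, const char *value,
                         char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "uci set %s='%s' && uci commit", key, value);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* --- Hardened pattern -----------------------------------------------------
 * 1. Positive validation: accept only characters a UCI key or a simple value
 *    legitimately contains (allowlist assumed for this example; adjust per
 *    option). Quotes, ';', '$', '`', '|', newline and so on are rejected.
 * 2. No shell: build an argv and exec /sbin/uci directly, so even a value
 *    that slipped through is a single argument, never parsed by /bin/sh. */
static int allowed_char(char c, int allow_space, int allow_uci_ref)
{
    if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
        (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-')
        return 1;
    if (allow_space && c == ' ')
        return 1;
    if (allow_uci_ref && (c == '@' || c == '[' || c == ']'))
        return 1;               /* e.g. system.@system[0].hostname */
    return 0;
}

/* Returns 1 if s is non-empty, at most maxlen bytes and entirely allowlisted. */
int validate_uci_key(const char *s, size_t maxlen)
{
    size_t len = strlen(s);
    if (len == 0 || len > maxlen) return 0;
    for (size_t i = 0; i < len; i++)
        if (!allowed_char(s[i], 0, 1)) return 0;
    return 1;
}

int validate_uci_value(const char *s, size_t maxlen)
{
    size_t len = strlen(s);
    if (len == 0 || len > maxlen) return 0;
    for (size_t i = 0; i < len; i++)
        if (!allowed_char(s[i], 1, 0)) return 0;
    return 1;
}

/* Fills argv (room for 4 pointers) with {"/sbin/uci","set","key=value",NULL}.
 * Returns 0 on success, -1 if key or value fails validation or does not fit. */
int build_uci_argv_safe(const char *key, const char *value,
                        char *assign, size_t assignlen, char *argv[4])
{
    if (!validate_uci_key(key, 64) || !validate_uci_value(value, 32))
        return -1;
    int n = snprintf(assign, assignlen, "%s=%s", key, value);
    if (n < 0 || (size_t)n >= assignlen)
        return -1;
    argv[0] = "/sbin/uci";
    argv[1] = "set";
    argv[2] = assign;
    argv[3] = NULL;
    return 0;
}

/* How the hardened handler would execute it (shown, not run here):
 *   pid_t pid = fork();
 *   if (pid == 0) { execv(argv[0], argv); _exit(127); }
 *   waitpid(pid, &status, 0);
 */

int main(void)
{
    /* constructed sample input: a hostname-style value carrying a payload */
    const char *key = "system.@system[0].hostname";
    const char *payload = "x'; reboot; '";
    char cmd[256], assign[128];
    char *argv[4];

    build_uci_cmd_unsafe(key, payload, cmd, sizeof cmd);
    printf("unsafe command line : %s\n", cmd);

    printf("hardened, payload   : %s\n",
           build_uci_argv_safe(key, payload, assign, sizeof assign, argv) == 0
               ? "accepted" : "rejected");
    printf("hardened, benign    : %s\n",
           build_uci_argv_safe(key, "router01", assign, sizeof assign, argv) == 0
               ? argv[2] : "rejected");
    return 0;
}
```

The two halves of the fix are independent: validation stops the payload at the door, and exec-without-shell means a gap in the allowlist is no longer a command injection. Either alone is weaker than both together, and quoting the value inside a shell string (the vulnerable variant) is not a substitute for either.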

Weakness Enumeration

OS Command Injection (CWE-78)

Related Identifiers

CVE-2024-52723

Affected Products

Totolink X6000R