PT-2024-36433 · Totolink · Totolink A3002Ru
Published
2024-11-20
·
Updated
2025-04-09
·
CVE-2024-54907
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A3002R version 4.0.0-B20230531.1404
Description
The issue concerns the execution of remote code in the /bin/boa file through the formWsc. This allows for remote code execution.
Recommendations
For version 4.0.0-B20230531.1404, consider disabling access to the /bin/boa file via formWsc as a temporary workaround until a patch is available. Restrict access to the formWsc to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A3002Ru