PT-2024-39287 · Totolink · Totolink A720R
Cl0Wnk1N9 · Published 2024-09-14 · Updated 2024-09-20
CVE-2024-8869
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
TOTOLINK A720R version 4.1.5
Description:
A critical vulnerability has been found affecting the exportOvpn function, which leads to OS command injection. The attack can be launched remotely, with rather high complexity and difficult exploitability. The vendor was contacted about this disclosure but did not respond. There have been reports of offensive activities targeting this vulnerability.
Recommendations:
For TOTOLINK A720R version 4.1.5, as a temporary workaround, consider disabling the exportOvpn function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Affected Products:
Totolink A720R