PT-2024-5358 · Totolink · Totolink X6000R

Yanggao017 · Published 2024-07-23 · Updated 2024-08-01 · CVE-2024-41319

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000

Description: The cmd parameter of the webcmd function in the TOTOLINK A6000R router firmware is passed into an operating system command without neutralizing special elements (OS command injection). A remote attacker can exploit this to execute arbitrary code by sending a specially crafted command.

Recommendations: For version V1.0.1-B20201211.2000, as a temporary workaround, consider disabling the webcmd function until a patch is available. Restrict access to the cmd parameter of the webcmd function to minimize the risk of exploitation. Avoid using the cmd parameter of the affected webcmd function until the issue is resolved.


Weakness Enumeration

Command Injection

Related Identifiers

BDU:2024-05991
CVE-2024-41319

Affected Products

Totolink X6000R