CVE-2024-41315

Name of the Vulnerable Software and Affected Versions TOTOLINK A6000R version 1.0.1-B20201211.2000

Description The issue is related to a command injection vulnerability in the apcli do enr pin wps function, specifically via the ifname parameter. This vulnerability can be exploited by a remote attacker to execute arbitrary commands. The vulnerability is caused by the lack of proper sanitization of special elements used in the command when processing the ifname parameter.

Recommendations For TOTOLINK A6000R version 1.0.1-B20201211.2000, consider disabling the apcli do enr pin wps function until a patch is available to prevent exploitation of the command injection vulnerability via the ifname parameter. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the ifname parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.