CVE-2024-41318

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000

Description: The issue is related to the apcli wps gen pincode function in the TOTOLINK A6000R router's firmware, which fails to neutralize special elements used in a command when processing the ifname parameter. This can allow a remote attacker to execute arbitrary commands.

Recommendations: For TOTOLINK A6000R version V1.0.1-B20201211.2000, consider disabling the apcli wps gen pincode function until a patch is available to prevent exploitation via the ifname parameter. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the ifname parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.