CVE-2024-41314

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000

Description: A command injection issue exists due to the lack of neutralization of special elements used in the operating system command. This issue is related to the vif disable function and can be exploited via the iface parameter, allowing a remote attacker to execute arbitrary commands.

Recommendations: For TOTOLINK A6000R version V1.0.1-B20201211.2000, consider disabling the vif disable function as a temporary workaround until a patch is available. Restrict access to the iface parameter in the affected function to minimize the risk of exploitation.