CVE-2024-41320

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000

Description: The issue is related to the get apcli conn info function in the TOTOLINK A6000R router's firmware, which fails to neutralize special elements used in an OS command. This can be exploited by a remote attacker to execute arbitrary code by sending a specially crafted command. The vulnerability is specifically related to the ifname parameter in the get apcli conn info function.

Recommendations: For TOTOLINK A6000R version V1.0.1-B20201211.2000, consider disabling the get apcli conn info function until a patch is available to prevent exploitation. Additionally, restrict access to the ifname parameter to minimize the risk of command injection attacks.