CVE-2024-41316

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000

Description: The issue is related to the apcli cancel wps function in the TOTOLINK A6000R router's firmware, which fails to neutralize special elements used in an operating system command. This can be exploited by a remote attacker to execute arbitrary code by sending a specially crafted command. The vulnerability is specifically related to the ifname parameter in the apcli cancel wps function.

Recommendations: For TOTOLINK A6000R version V1.0.1-B20201211.2000, consider disabling the apcli cancel wps function until a patch is available to prevent exploitation via the ifname parameter. Restrict access to the vulnerable function to minimize the risk of arbitrary code execution. Avoid using the ifname parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.