CVE-2024-10966

Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version 9.1.0cu.2024 B20220329

Description: A critical issue has been found in the TOTOLINK X18, affecting some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the enable argument leads to os command injection. This issue may be exploited remotely. The exploit has been disclosed to the public.

Recommendations: For version 9.1.0cu.2024 B20220329, update to the latest firmware immediately to mitigate risks. As a temporary workaround, consider restricting access to the /cgi-bin/cstecgi.cgi file until a patch is available. Avoid using the enable argument in the affected API endpoint until the issue is resolved.