Back

CVE-2024-42747

Aug. 12, 2024, 8:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

TOTOLINK X5000r

  • v9.1.0cu.2350_b20230313

Source

cve@mitre.org

Tags

cve@mitre.org
2024-08-12
CVE-2024-42747

CVE-2024-42747 details

Published : Aug. 12, 2024, 8:15 p.m.
Last Modified : Aug. 12, 2024, 8:15 p.m.

Description

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setWanIeCfg/setWanIeCfg.md cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.