CVE-2024-0570

CWE-284Improper Access ControlCWE-862Missing Authorization3 documents3 sources
Severity
6.9MEDIUM
EPSS
0.2%
top 59.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink N350rtTotolink N350rt Firmware
Timeline
PublishedJan 16

Description

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/n350rt9.3.5u.6265
NVDtotolink/n350rt_firmware9.3.5u.6265

🔴Vulnerability Details

2
CVEList
Totolink N350RT Setting cstecgi.cgi access control2024-01-16
GHSA
GHSA-6wh7-wg3p-86m2: A vulnerability classified as critical was found in Totolink N350RT 92024-01-16
CVE-2024-0570 (MEDIUM CVSS 6.9) | A vulnerability classified as criti | cvebase.io