CVE-2024-34205OS Command Injection in Cp450 Firmware

CWE-78OS Command Injection3 documents3 sources
Severity
7.3HIGHNVD
EPSS
4.7%
top 10.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink Cp450 Firmware
Timeline
PublishedMay 14

Description

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages1 packages

NVDtotolink/cp450_firmware4.1.0cu.747_b20191224

🔴Vulnerability Details

2
GHSA
GHSA-pvm5-6q5c-5jfp: TOTOLINK CP450 v42024-05-14
CVEList
CVE-2024-34205: TOTOLINK CP450 v42024-05-09
CVE-2024-34205 — OS Command Injection in Cp450 Firmware | cvebase