CVE-2024-51228
published 2024-11-27CVE-2024-51228: An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and…
PriorityP275medium6.8CVSS 3.1
AVAACLPRHUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
3.79%
88.6th percentile
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.
Detection & IOCsextracted from sources · hover to see the quote
- →Send a POST request to /boafrm/formSysCmd with body parameter sysCmd=sleep%206 and check for a response duration >= 6 seconds, HTTP 302 status code, and Server header containing 'Boa/0.94' — all three conditions must be true to confirm exploitation.
- →Shodan query 'html:"TOTOLINK"' can be used to identify potentially vulnerable internet-exposed TOTOLINK devices.
- →The vulnerability is time-based: a response duration >= 6 seconds after injecting a sleep command confirms OS command injection via the sysCmd parameter.
- ·Exploitation requires the attacker to be on the adjacent network (AV:A) and have high privileges (PR:H) per the CVSS vector, limiting remote unauthenticated exploitation.
- ·Affected firmware versions are specifically: A3002RU V1.0.4-B20171106.1512, N150RT V2.1.6-B20171121.1002, N300RT V2.1.6-B20170724.1420, N300RT V2.1.8-B20171113.1408, N300RT V2.1.8-B20191010.1107, and N302RE V2.0.2-B20170511.1523. ↗
CVSS provenance
nvdv3.16.8MEDIUMCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vulncheck6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hcgq-c6f2-4jh5: An issue in TOTOLINK-CX-A3002RU V1
ghsa_unreviewed·2024-11-27
CVE-2024-51228 [MEDIUM] CWE-78 GHSA-hcgq-c6f2-4jh5: An issue in TOTOLINK-CX-A3002RU V1
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.
VulnCheck
totolink a3002ru Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2024·CVSS 6.8
CVE-2024-51228 [MEDIUM] totolink a3002ru Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
totolink a3002ru Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.
Affected: totolink a3002ru
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://api.vulncheck.com/v3/index/vulncheck-canaries?cve=CVE-2024-51228&date=2025-10-29; https://api.vulncheck.
No detection rules found.
Nuclei
TOTOLINK CX-A3002RU - Remote Code Execution
nuclei·CVSS 6.8
CVE-2024-51228 [MEDIUM] TOTOLINK CX-A3002RU - Remote Code Execution
TOTOLINK CX-A3002RU - Remote Code Execution
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.
Template:
id: CVE-2024-51228
info:
name: TOTOLINK CX-A3002RU - Remote Code Execution
author: DhiyaneshDK
severity: medium
description: |
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-
No writeups or analysis indexed.
2024-11-27
Published
Exploited in the wild