CVE-2024-53333 β€” Command Injection in Ex200 Firmware

CWE-77 β€” Command Injection4 documents4 sources
Severity
6.3MEDIUMNVD
EPSS
0.4%
top 37.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink Ex200 Firmware
Timeline
PublishedNov 21
Latest updateJul 17

Description

TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:HExploitability: 2.1 | Impact: 4.2

Affected Packages1 packages

β–ΆNVDtotolink/ex200_firmware4.0.3c.7646_b20201211

πŸ”΄Vulnerability Details

2
GHSA
GHSA-pj8j-q75x-3c3f: TOTOLINK EX200 v4β†—2024-11-26
β–Ά
CVEList
CVE-2024-53333: TOTOLINK EX200 v4β†—2024-11-21
β–Ά

πŸ”Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Totolink cstecgi.cgi setUssd ussd Parameter Command Injection Attempt (CVE-2024-53333)β†—2025-07-17
β–Ά
CVE-2024-53333 β€” Command Injection in Ex200 Firmware | cvebase