CVE-2024-57021
Published 2025-01-15
CVE-2024-57021: TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
Priority P260 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.57% (72.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| totolink | x5000r_firmware | — | — |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 7.8 · HIGH
GHSA
GHSA-wp9g-p59f-6fmw: TOTOLINK X5000R V9
ghsa_unreviewed·2025-01-15
CVE-2024-57021 [CRITICAL] CWE-78 GHSA-wp9g-p59f-6fmw: TOTOLINK X5000R V9
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
Red Hat
kernel: dev/parport: fix the array out-of-bounds risk
vendor_redhat·2024-08-17·CVSS 7.8
CVE-2024-42301 [HIGH] kernel: dev/parport: fix the array out-of-bounds risk
kernel: dev/parport: fix the array out-of-bounds risk
In the Linux kernel, the following vulnerability has been resolved:
dev/parport: fix the array out-of-bounds risk
Fixed array out-of-bounds issues caused by sprintf
by replacing it with snprintf for safer data copying,
ensuring the destination buffer is not overflowed.
Below is the stack trace I encountered during the actual issue:
[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:
Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]
[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:
QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2
[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp
[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-01-15