CVE-2024-8869

CWE-78OS Command Injection3 documents3 sources
Severity
2.3LOW
EPSS
0.3%
top 47.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink A720rTotolink A720r Firmware
Timeline
PublishedSep 15
Latest updateSep 16

Description

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/a720r4.1.5

🔴Vulnerability Details

2
GHSA
GHSA-9h42-jv2f-gc8x: A vulnerability classified as critical has been found in TOTOLINK A720R 42024-09-16
CVEList
TOTOLINK A720R exportOvpn os command injection2024-09-15
CVE-2024-8869 (LOW CVSS 2.3) | A vulnerability classified as criti | cvebase.io