CVE-2024-9001

CWE-78OS Command Injection4 documents4 sources
Severity
5.3MEDIUM
EPSS
1.0%
top 22.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink T10Totolink T10 Firmware
Timeline
PublishedSep 19

Description

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/t104.1.8cu.5207
NVDtotolink/t10_firmware4.1.8cu.5207

🔴Vulnerability Details

3
CVEList
TOTOLINK T10 cstecgi.cgi setTracerouteCfg os command injection2024-09-19
GHSA
GHSA-4f5p-28mj-x3pv: A vulnerability was found in TOTOLINK T10 42024-09-19
VulnCheck
totolink t10_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')2024
CVE-2024-9001 (MEDIUM CVSS 5.3) | A vulnerability was found in TOTOLI | cvebase.io