A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
Affected Vendors & Products
References
History
Mon, 16 Dec 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Totolink
Totolink x6000r Totolink x6000r Firmware |
|
CPEs | cpe:2.3:h:totolink:x6000r:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719:*:*:*:*:*:*:* |
|
Vendors & Products |
Totolink
Totolink x6000r Totolink x6000r Firmware |
MITRE
Status: PUBLISHED
Assigner: VulDB
Published: 2024-03-10T07:31:04.225Z
Updated: 2024-08-12T13:49:53.588Z
Reserved: 2024-03-09T16:56:06.223Z
Link: CVE-2024-2353
Vulnrichment
Updated: 2024-08-01T19:11:53.347Z
NVD
Status : Analyzed
Published: 2024-03-10T08:15:05.920
Modified: 2024-12-16T22:57:06.437
Link: CVE-2024-2353
Redhat
No data.