CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
Configurations

No configuration.

History

21 Nov 2024, 09:14

Type Values Removed Values Added
References () https://github.com/1s1and123/Vulnerabilities/blob/main/device/ToToLink/X5000R/TOTOLink_X5000R_RCE.md - () https://github.com/1s1and123/Vulnerabilities/blob/main/device/ToToLink/X5000R/TOTOLink_X5000R_RCE.md -
References () https://www.totolink.net/ - () https://www.totolink.net/ -

03 Jul 2024, 01:56

Type Values Removed Values Added
CWE CWE-77
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.0
Summary
  • (es) Se descubrió que TOTOLINK X5000R V9.1.0cu.2350_B20230313 contiene una vulnerabilidad de inyección de comandos a través del parámetro 'timeout' en la función setSSServer en /cgi-bin/cstecgi.cgi.

14 May 2024, 16:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 16:17

Updated : 2024-11-21 09:14


NVD link : CVE-2024-32354

Mitre link : CVE-2024-32354

CVE.ORG link : CVE-2024-32354


JSON object : View

Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')