CVE-2024-34218

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.
Configurations

No configuration.

History

21 Nov 2024, 09:18

Type Values Removed Values Added
References () https://github.com/n0wstr/IOTVuln/tree/main/CP450/NTPSyncWithHost - () https://github.com/n0wstr/IOTVuln/tree/main/CP450/NTPSyncWithHost -

03 Jul 2024, 01:59

Type Values Removed Values Added
CWE CWE-77
Summary
  • (es) Se descubrió que TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 contiene una vulnerabilidad de inyección de comando en la función NTPSyncWithHost a través del parámetro hostTime.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.8

14 May 2024, 15:38

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 15:38

Updated : 2024-11-21 09:18


NVD link : CVE-2024-34218

Mitre link : CVE-2024-34218

CVE.ORG link : CVE-2024-34218


JSON object : View

Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')