CVE-2024-0579
Totolink X2000R formMapDelDevice command injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250795. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Una vulnerabilidad fue encontrada en Totolink X2000R 1.0.0-B20221212.1452 y clasificada como crítica. La función formMapDelDevice del archivo /boafrm/formMapDelDevice es afectada por esta vulnerabilidad. La manipulación del argumento macstr conduce a la inyección de comandos. El ataque se puede lanzar de forma remota. La explotación ha sido divulgada al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-250795. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
In Totolink X2000R 1.0.0-B20221212.1452 wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion formMapDelDevice der Datei /boafrm/formMapDelDevice. Mittels Manipulieren des Arguments macstr mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-01-16 CVE Reserved
- 2024-01-16 CVE Published
- 2024-10-19 EPSS Updated
- 2024-10-22 CVE Updated
- 2024-10-22 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.250795 | Technical Description |
URL | Date | SRC |
---|---|---|
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/1/README.md | 2024-10-22 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Totolink Search vendor "Totolink" | X2000r Firmware Search vendor "Totolink" for product "X2000r Firmware" | 1.0.0-b20221212.1452 Search vendor "Totolink" for product "X2000r Firmware" and version "1.0.0-b20221212.1452" | - |
Affected
| in | Totolink Search vendor "Totolink" | X2000r Search vendor "Totolink" for product "X2000r" | - | - |
Safe
|