cve/CVE-2024-42739.md at c052d0d6949679697108fa931a00cd4220694869

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-31 10:40:54 +00:00

0xMarcio a8969e1323 Update CVE sources 2024-08-14 18:26

2024-08-14 18:26:11 +00:00

Description

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

POC

Reference

https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setAccessDeviceCfg/setAccessDeviceCfg.md

Github

https://github.com/fkie-cad/nvd-json-data-feeds

765 B Raw Blame History

CVE-2024-42739

Description

POC

Reference

Github

765 B

Raw Blame History