CVE-2024-10966

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Nov 7, 2024

Updated: Nov 8, 2024

CWE ID 78

CWE ID 77

Summary

CVE-2024-10966 is a newly disclosed critical vulnerability affecting the TOTOLINK X18 9.1.0cu.2024_B20220329 firmware. This issue lies in the /cgi-bin/cstecgi.cgi file, where manipulation of the 'enable' argument can result in os command injection. An attacker can exploit this remotely, making it a significant concern for network security. The exploit for this vulnerability has become publicly available, increasing the risk for potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0TL5Er
https://www.cve.org/CVERecord?id=CVE-2024-10966
https://nvd.nist.gov/vuln/detail/CVE-2024-10966

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-10966

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations