CVE-2024-2353

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 10, 2024
Updated: Mar 21, 2024
CWE ID 78

Summary

CVE-2024-2353 is a critical vulnerability found in Totolink X6000R 9.4.0cu.852_20230719. This vulnerability affects the setDiagnosisCfg function in the shttpd component's file /cgi-bin/cstecgi.cgi, allowing for remote os command injection through manipulation of the "ip" argument. The exploit has been publicly disclosed, and the vendor has not responded to the disclosure. This vulnerability poses a high risk to organizations as it allows attackers to execute arbitrary commands on affected systems, potentially compromising their confidentiality, integrity, and availability. Remediation for this vulnerability may require patching or updating the affected product to a secure version provided by the vendor.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-2353 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options