CVE-2024-2353
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Mar 10, 2024
Updated: Dec 16, 2024
CWE ID 269
Summary
CVE-2024-2353 is a newly disclosed critical vulnerability affecting the shttpd component in Totolink X6000R 9.4.0cu.852_20230719. The function setDiagnosisCfg in the file /cgi-bin/cstecgi.cgi contains a flaw that allows attackers to inject OS commands by manipulating the ip argument. The vulnerability can be exploited remotely, and the exploit has already been made public. The identifier VDB-256313 has been assigned to this issue. The vendor was contacted about this disclosure but did not respond.
Affected Products
- Apache Fineract
Affected Vendors
- Apache Software Foundation