CVE-2024-42740
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2024-42740 is a newly disclosed vulnerability affecting the TOTOLINK X5000r v9.1.0cu.2350_b20230313 router. The issue lies within the /cgi-bin/cstecgi.cgi file, specifically within the setLedCfg function. This vulnerability allows authenticated attackers to inject and execute arbitrary operating system commands by sending malicious packets to the router. Successful exploitation could result in unauthorized system access, data theft, or other malicious activities. Users are strongly advised to update their routers to the latest firmware as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.