CVE-2024-42741

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 78

Summary

CVE-2024-42741 is an OS command injection vulnerability (CWE-78) in the TOTOLINK X5000r firmware v9.1.0cu.2350_b20230313. The flaw lies in the setL2tpServerCfg function of the /cgi-bin/cstecgi.cgi file. An authenticated attacker can inject OS commands by sending specially crafted packets, which can lead to unauthorized system access and data theft. Users are advised to update their firmware to mitigate this risk.
