CVE-2024-42744

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 15, 2024
CWE ID 78

Summary

CVE-2024-42744 is a newly disclosed vulnerability affecting the TOTOLINK X5000r v9.1.0cu.2350_b20230313 firmware. The issue lies within the /cgi-bin/cstecgi.cgi file, specifically in the setModifyVpnUser function. This vulnerability enables authenticated attackers to inject and execute arbitrary OS commands by sending malicious packets to the affected device. Successful exploitation could lead to significant unauthorized access and potential compromise of the affected network. Users are urged to apply the necessary patches as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share