CVE-2024-42745
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 94
CWE ID 78
Summary
CVE-2024-42745 is a new vulnerability affecting the TOTOLINK X5000r v9.1.0cu.2350_b20230313 router. The issue lies in the /cgi-bin/cstecgi.cgi file, specifically within the setUPnPCfg function. This weakness enables authenticated attackers to execute arbitrary OS commands by sending malicious packets to the router. Successful exploitation can lead to unauthorized system access, data theft, or even complete system compromise. Router users are advised to update their firmware as soon as a patch becomes available to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share