CVE-2024-42747

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 78

Summary

CVE-2024-42747 is a new vulnerability affecting the TOTOLINK X5000r router in version v9.1.0cu.2350_b20230313. This issue resides in the /cgi-bin/cstecgi.cgi file, specifically in the setWanIeCfg function. The vulnerability allows authenticated attackers to execute arbitrary OS commands by sending specially crafted packets to the router. Successful exploitation could lead to unauthorized system access and potential data theft or damage. It is essential for users to update their routers to a patched version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share