CVE-2024-57015

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 15, 2025
Updated: Jan 16, 2025
CWE ID 78

Summary

CVE-2024-57015 is a newly discovered vulnerability affecting the TOTOLINK X5000R V9.1.0cu.2350_B20230313 firmware. It allows an attacker to inject OS commands via the "hour" parameter in the setScheduleCfg functionality, potentially resulting in unintended system changes or even full compromise. Users are advised to update their firmware as soon as a patch is available. Until then, restrict access to this feature to trusted sources or disable it altogether.
