CVE-2024-7160

Summary

CVE-2024-7160 is a newly disclosed critical vulnerability affecting the TOTOLINK A3700R 9.1.2u.5820_B20200513 firmware. The issue lies within the setWanCfg function of the cstecgi.cgi file, where a command injection vulnerability can be triggered by manipulating the hostName argument. This vulnerability can be exploited remotely, allowing an attacker to execute arbitrary commands on the affected device. The exploit for this vulnerability has been made public, increasing the risk of widespread exploitation, and has been assigned the identifier VDB-272574. Unfortunately, efforts to notify the vendor about this disclosure have been unsuccessful.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.