CVE-2024-7214
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-7214 is a critical vulnerability affecting the TOTOLINK LR350 with software version 9.3.5u.6369_B20220309. The flaw is in the setWanCfg function of the /cgi-bin/cstecgi.cgi file: manipulating the hostName argument results in command injection, allowing remote attackers to execute arbitrary commands. The exploit for this vulnerability has been made public, which increases the risk of attacks. The vendor was contacted about this disclosure but did not respond. The vulnerability has been assigned the identifier VDB-272785.
Affected Vendors
- TOTOLINK