CVE-2024-7907

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 18, 2024
Updated: Aug 19, 2024
CWE ID 77

Summary

CVE-2024-7907 is a critical vulnerability affecting the TOTOLINK X6000R 9.4.0cu.852_20230719 firmware. The issue lies in the function setSyslogCfg of the /cgi-bin/cstecgi.cgi file. By manipulating the rtLogServer argument, an attacker can inject commands remotely. The exploit for this vulnerability has been disclosed to the public, increasing the risk of potential attacks. Despite early notification, the vendor has not responded to the disclosure.
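A defensive check for the parameter described above, as an added example that is not part of the advisory or of any vendor code: it flags captured requests to setSyslogCfg whose rtLogServer value is not a plain IP address or hostname. The record schema (`path`, `handler`, `params`), the `otherHandler` name and the sample records are constructed assumptions; only the endpoint, function and parameter names come from the advisory.

```python
import ipaddress
import re

# Endpoint, handler and parameter names are taken from the advisory text.
CGI_PATH = "/cgi-bin/cstecgi.cgi"
HANDLER = "setSyslogCfg"
PARAM = "rtLogServer"

# RFC 1123 hostname label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_log_server(value):
    """Allowlist check: accept only an IP address or a plain hostname."""
    if not isinstance(value, str) or not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def suspicious_requests(records):
    """Return setSyslogCfg requests whose rtLogServer is missing or not allowlisted."""
    hits = []
    for rec in records:
        if rec.get("path") != CGI_PATH or rec.get("handler") != HANDLER:
            continue
        if not is_valid_log_server(rec.get("params", {}).get(PARAM)):
            hits.append(rec)
    return hits


# Constructed sample records (hypothetical schema, documentation address ranges).
SAMPLE = [
    {"src": "198.51.100.7", "path": CGI_PATH, "handler": HANDLER,
     "params": {PARAM: "192.0.2.10"}},
    {"src": "198.51.100.7", "path": CGI_PATH, "handler": HANDLER,
     "params": {PARAM: "syslog.example.net"}},
    {"src": "203.0.113.44", "path": CGI_PATH, "handler": HANDLER,
     "params": {PARAM: "192.0.2.10;PLACEHOLDER"}},
    {"src": "203.0.113.44", "path": CGI_PATH, "handler": "otherHandler",
     "params": {}},
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print("ALERT", hit["src"], repr(hit["params"].get(PARAM)))
```

The same allowlist can be applied at a reverse proxy or WAF in front of the management interface while no vendor fix is available.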


Affected Products

  • Totolink X6000R Firmware

Affected Vendors

  • TOTOLINK