CVE-2024-9001
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-9001 is a critical vulnerability affecting TOTOLINK T10 firmware version 4.1.8cu.5207. The flaw is in the setTracerouteCfg function of the /cgi-bin/cstecgi.cgi file, where improper handling of input arguments allows OS command injection. It can be exploited remotely with low complexity and no user interaction, posing significant risks to an organization's confidentiality, integrity, and availability. The vulnerability has been publicly disclosed and could lead to unauthorized command execution on affected devices. To mitigate this risk, organizations should update their TOTOLINK T10 devices to a patched version as soon as one becomes available; however, the vendor has not yet responded to disclosure efforts regarding this issue. The CVSS score for this vulnerability is 8.8, indicating a high severity level that necessitates immediate attention.