CVE-2024-0299
Totolink N200RE 9.3.5u.6139_B20201216 is affected by a remote OS command injection in the setTracerouteCfg function of /cgi-bin/cstecgi.cgi. Exploitation targets the command parameter; the vulnerability is publicly disclosed and can be triggered remotely. Public docs do not reveal a vendor patch ...