CVE-2024-42744

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands...

TOTOLINK X5000R setModifyVpnUser Method Command Injection Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R setModifyVpnUser method, which can be exploited by an attacker to execute arbitrary commands...

CVE-2024-42744

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands...

CVE-2024-42744

TOTOLINK X5000R is affected. In version 9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in the setModifyVpnUser function. An authenticated attacker can send a crafted packet to execute arbitrary commands. Affected product/component: TOTOLINK X5...

CVE-2024-42744

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands...

PT-2024-6509 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The issue is related to an OS command injection vulnerability in the setModifyVpnUser function, located in the /cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by...

CVE-2024-42744

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands...