CVE-2024-57024
TOTOLINK X5000R (firmware V9.1.0cu.2350_B20230313) contains an OS command injection vulnerability in the setWiFiScheduleCfg function, exploitable via the eMinute parameter. The underlying issue is improper input filtering/escaping for commands, enabling arbitrary command execution on the device. ...