CVE Catalog

CVE-2024-52723

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.98%

58th percentile - higher than 58% of all known CVEs

Summary

In the TOTOLINK X6000R router running firmware version V9.4.0cu.1041_B20240224, the Uci_Set_Str function in the shttpd file is used without strict parameter filtering. An attacker can achieve arbitrary command execution by crafting a malicious payload.

Risk Assessment

The risk involves potential remote code execution by an unauthenticated attacker, which could compromise the confidentiality and integrity of data within the local network.

Recommendation

It is recommended to immediately update the TOTOLINK X6000R firmware to the latest available version that addresses this vulnerability. If no update is available, restrict management interface access to trusted networks only.

Original NVD description (English source)

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS