CVE-2024-52723
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk58th percentile - higher than 58% of all known CVEs
Summary
In the TOTOLINK X6000R router running firmware version V9.4.0cu.1041_B20240224, the Uci_Set_Str function in the shttpd file is used without strict parameter filtering. An attacker can achieve arbitrary command execution by crafting a malicious payload.
Risk Assessment
The risk involves potential remote code execution by an unauthenticated attacker, which could compromise the confidentiality and integrity of data within the local network.
Recommendation
It is recommended to immediately update the TOTOLINK X6000R firmware to the latest available version that addresses this vulnerability. If no update is available, restrict management interface access to trusted networks only.
Original NVD description (English source)
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

