CVE-2024-7215
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-7215 is a newly disclosed critical vulnerability affecting TOTOLINK LR1200 firmware 9.3.1cu.2833. The issue resides in the NTPSyncWithHost function of the /cgi-bin/cstecgi.cgi file and is triggered by manipulating the host_time argument. The result is command injection, which allows remote attackers to execute arbitrary code. An exploit for this vulnerability has already been made public, making it a significant threat to affected devices. The identifier VDB-272786 has been assigned to this issue. Despite being contacted about the disclosure, the vendor has yet to respond or issue a patch.
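Because no patch is available, one compensating control is to flag requests to the affected handler at a proxy or in captured traffic. The following is an added example, not code from the vendor or from this advisory: it assumes the request body is JSON or form-encoded, that a legitimate host_time is a plain "YYYY-MM-DD HH:MM:SS" timestamp, and it uses a constructed parameter name ("fn") and constructed sample requests.

```python
import json
import re
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"   # handler named in the advisory
FUNCTION = "NTPSyncWithHost"        # affected function named in the advisory
# Assumption: a legitimate host_time is a bare "YYYY-MM-DD HH:MM:SS" timestamp.
SAFE_HOST_TIME = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", re.ASCII)

def extract_params(body):
    """Parse a request body as JSON, falling back to form encoding (both assumed)."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return {str(k): str(v) for k, v in data.items()}
    except ValueError:
        pass
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}

def is_suspicious(path, body):
    """True when a request reaches NTPSyncWithHost with a host_time that is
    anything other than a bare timestamp (allowlist check, not a blocklist)."""
    if path.split("?", 1)[0] != CGI_PATH or FUNCTION not in body:
        return False
    params = extract_params(body)
    if "host_time" not in params:
        return False
    return SAFE_HOST_TIME.fullmatch(params["host_time"]) is None

def scan(requests):
    """Return the indexes of suspicious (path, body) records."""
    return [i for i, (path, body) in enumerate(requests) if is_suspicious(path, body)]

# Constructed sample records; "fn" and "EXTRA" are placeholders, not real values.
SAMPLE_REQUESTS = [
    (CGI_PATH, '{"fn":"NTPSyncWithHost","host_time":"2024-07-30 12:00:00"}'),
    (CGI_PATH, '{"fn":"NTPSyncWithHost","host_time":"2024-07-30 12:00:00;EXTRA"}'),
    (CGI_PATH, "fn=NTPSyncWithHost&host_time=2024-07-30+12%3A00%3A00"),
    (CGI_PATH, "fn=NTPSyncWithHost&host_time=2024-07-30+12%3A00%3A00%7CEXTRA"),
    ("/index.html", ""),
]

if __name__ == "__main__":
    for index in scan(SAMPLE_REQUESTS):
        print("suspicious request:", SAMPLE_REQUESTS[index])
```

Matching against an allowlist of the expected timestamp shape avoids having to enumerate shell metacharacters, so any unexpected suffix, prefix or encoding is flagged.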