CVE-2024-7464

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 5, 2024

Updated: Aug 15, 2024

CWE ID 77

Summary

CVE-2024-7464 is a critical vulnerability affecting the Telnet Service component in TOTOLINK CP900 6.3c.566. This issue enables attackers to inject commands by manipulating the argument "telnet_enabled" used in the function setTelnetCfg. The exploit can be initiated remotely, and the vulnerability identification number VDB-273557 has been assigned to it. The vulnerability was disclosed to the public, and the exploit is currently in circulation, making this a significant threat. Despite early notification, the vendor has not responded to the disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Totolink Cp900

Affected Vendors

TOTOLINK

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xeCjlX
https://www.cve.org/CVERecord?id=CVE-2024-7464
https://nvd.nist.gov/vuln/detail/CVE-2024-7464

Back to Vulnerability Database