CVE-2024-7907
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 18, 2024
Updated: Aug 19, 2024
CWE ID 77
Summary
CVE-2024-7907 is a critical vulnerability affecting the TOTOLINK X6000R 9.4.0cu.852_20230719 firmware. The issue lies in the function setSyslogCfg of the /cgi-bin/cstecgi.cgi file. By manipulating the rtLogServer argument, an attacker can inject commands remotely. The exploit for this vulnerability has been disclosed to the public, increasing the risk of potential attacks. Despite early notification, the vendor has not responded to the disclosure.
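A defensive check built from the identifiers in the summary, added here as an example and not taken from the original entry or from TOTOLINK: it flags requests to /cgi-bin/cstecgi.cgi that name setSyslogCfg and carry an rtLogServer value that is not a bare IP address or hostname. It assumes the request body is JSON; the sample requests and the `fn` key name are constructed for illustration.

```python
import ipaddress
import json
import re

CGI_PATH = "/cgi-bin/cstecgi.cgi"   # endpoint named in the summary
FUNCTION = "setSyslogCfg"           # affected function
ARGUMENT = "rtLogServer"            # argument used for the injection

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}\Z){LABEL}(?:\.{LABEL})*")

def is_plain_log_server(value):
    """True only for a bare IP address or DNS hostname (no shell syntax)."""
    # ipaddress accepts arbitrary text after an IPv6 zone '%', so reject '%'.
    if not isinstance(value, str) or "%" in value:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return HOSTNAME_RE.fullmatch(value) is not None

def flag_request(path, body):
    """Return a reason string for a suspicious request, or None."""
    if path.split("?", 1)[0] != CGI_PATH or FUNCTION not in body:
        return None
    try:
        params = json.loads(body)  # assumption: JSON-encoded body
    except ValueError:
        return "unparseable body naming " + FUNCTION
    if not isinstance(params, dict) or ARGUMENT not in params:
        return None
    if is_plain_log_server(params[ARGUMENT]):
        return None
    return f"{ARGUMENT} is not a plain host: {params[ARGUMENT]!r}"

# Constructed sample requests (path, body); "fn" is a hypothetical key name.
SAMPLES = [
    (CGI_PATH, '{"fn": "setSyslogCfg", "rtLogServer": "192.0.2.10"}'),
    (CGI_PATH, '{"fn": "setSyslogCfg", "rtLogServer": "logs.example.net"}'),
    (CGI_PATH, '{"fn": "setSyslogCfg", "rtLogServer": "192.0.2.10;example"}'),
    (CGI_PATH, '{"fn": "setSyslogCfg", "rtLogServer": "$(example)"}'),
    ("/index.html", '{"fn": "setSyslogCfg", "rtLogServer": "$(example)"}'),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        print(flag_request(path, body) or "ok", "<-", body)
```

The same allowlist (IP address or hostname only) is the kind of validation a fix would apply to rtLogServer before the value reaches a shell; until firmware is updated, the check can run in a proxy or over captured request logs.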
Affected Products
- Totolink X6000R Firmware
Affected Vendors
- TOTOLINK