CVE-2024-8869

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Published: Sep 15, 2024
Updated: Sep 20, 2024
CWE ID: 78

Summary

CVE-2024-8869 is a critical vulnerability affecting the TOTOLINK A720R router, version 4.1.5. The flaw is in the function exportOvpn, which is susceptible to OS command injection. The vulnerability can be exploited remotely, but it has a high attack complexity and requires low privileges, which makes exploitation challenging. The potential impact on organizations includes unauthorized command execution, which could compromise system integrity and confidentiality, albeit with limited availability risks. Remediation is necessary, and the vendor has not responded to early notifications regarding this issue. Organizations using the affected devices should implement immediate security measures or software updates to mitigate the risks associated with this vulnerability.
