VYPR
Unrated severityNVD Advisory· Published May 28, 2024· Updated Feb 13, 2025

CVE-2024-35397

CVE-2024-35397

Description

TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Affected products

2
  • TOTOLINK/CP900Ldescription
  • Totolink/CP900Lllm-fuzzy
    Range: = v4.1.5cu.798_B20221228

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.