Unrated severityNVD Advisory· Published May 28, 2024· Updated Feb 13, 2025
CVE-2024-35397
CVE-2024-35397
Description
TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Affected products
2- TOTOLINK/CP900Ldescription
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.