Unrated severityNVD Advisory· Published Jun 20, 2024· Updated Aug 2, 2024

CVE-2024-37626

Description

A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.

Affected products

Totolink/A7000r Firmwarecpe-rescue
Totolink/A6000Rllm-fuzzy
Range: = V1.0.1-B20201211.2000

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

a6000r.commitre
github.com/lakemoon602/vuln/blob/main/totolink/TOTOlink%20A6000R%20vif_enable.mdmitre
www.totolink.netmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000