VYPR
Unrated severityNVD Advisory· Published Aug 13, 2024· Updated Aug 13, 2024

CVE-2024-42737

CVE-2024-42737

Description

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Affected products

2
  • Totolink/X5000Rcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 9.1.0cu.2350_b20230313

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.