CVE-2024-42736

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
13/08/2024
Last modified:
04/04/2025

Description

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:totolink:x5000r_firmware:9.1.0cu.2350_b20230313:*:*:*:*:*:*:*
cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*