COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-52723

CVE-2024-52723

Severity
critical
Source
NVD · cve
Published
2024-11-22
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-52723
⚡ RCE shame 50/100 rce

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

Players implicated

totolink · vendorx6000r · productx6000r firmware · product

Description

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.