A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. It affects the function exportOvpn, where manipulation leads to OS command injection. The attack can be launched remotely. The attack complexity is rather high, and exploitation is reported to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.277506 | Permissions Required |
https://vuldb.com/?id.277506 | Third Party Advisory |
https://vuldb.com/?submit.403211 | Third Party Advisory |
https://www.totolink.net/ | Product |
Configurations
Configuration 1: AND
History
20 Sep 2024, 16:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://vuldb.com/?ctiid.277506 - Permissions Required | |
References | () https://vuldb.com/?id.277506 - Third Party Advisory | |
References | () https://vuldb.com/?submit.403211 - Third Party Advisory | |
References | () https://www.totolink.net/ - Product | |
First Time | Totolink a720r Firmware, Totolink a720r, Totolink |
CVSS | v2 : v3 : | v2 : 4.6 v3 : 8.1 |
CPE | cpe:2.3:o:totolink:a720r_firmware:4.1.5:*:*:*:*:*:*:* cpe:2.3:h:totolink:a720r:-:*:*:*:*:*:*:* |
16 Sep 2024, 15:30
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
15 Sep 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-15 11:15
Updated : 2024-09-20 16:59
NVD link : CVE-2024-8869
Mitre link : CVE-2024-8869
CVE.ORG link : CVE-2024-8869
Products Affected
totolink
- a720r
- a720r_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')