Lr1200Gb Firmware
CVE-2024-0295
HIGH
OS Command Injection (CWE-78)
2024-01-08
cna@vuldb.com
7.3
CVSS 3.1 · NVD
Share
Severity by source
NVD
PRIMARY
7.3
HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Lifecycle Timeline
3
Analysis Generated
Mar 28, 2026 - 19:34 vuln.today
PoC Detected
Nov 21, 2024 - 08:46 vuln.today
Public exploit code
CVE Published
Jan 08, 2024 - 04:15 nvd
HIGH 7.3
DescriptionCVE.org
A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Elevation of privilege in Samsung Galaxy Watch4 via nearby BLE connection. Allows unauthorized access to watch data.
Technical ContextAI
CWE-311.
RemediationAI
Apply Samsung security update.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).