Skip to main content

X5000r Firmware CVE-2024-32354

MEDIUM
Command Injection (CWE-77)
2024-05-14 cve@mitre.org
6.0
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.0 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
May 14, 2024 - 16:17 cve.org
MEDIUM 6.0

DescriptionCVE.org

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

AnalysisAI

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. Affected products include: Totolink X5000R Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2023-30013 CRITICAL POC
9.8 May 05

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/s

CVE-2023-31569 CRITICAL POC
9.8 Jun 06

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. Rated

CVE-2025-70327 CRITICAL POC
9.8 Feb 23

Argument injection in TOTOLINK X5000R router v9.1.0cu via setDiagnosisCfg handler allows unauthenticated remote code exe

CVE-2024-32353 CRITICAL POC
9.8 May 14

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' param

CVE-2024-28639 CRITICAL POC
9.8 Mar 16

Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote

CVE-2023-6612 CRITICAL POC
9.8 Dec 08

A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. Rated critical severity (CVSS 9.8), this vulnerabil

CVE-2023-45984 CRITICAL POC
9.8 Oct 16

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack over

CVE-2023-36950 CRITICAL POC
9.8 Oct 16

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack over

CVE-2023-36947 CRITICAL POC
9.8 Oct 16

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack over

CVE-2023-39618 CRITICAL POC
9.8 Aug 21

TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg

CVE-2023-39617 CRITICAL POC
9.8 Aug 21

TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code exec

CVE-2023-33487 CRITICAL POC
9.8 May 31

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagn

Share

CVE-2024-32354 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy