VDB-278152 · CVE-2024-9001 · GCVE-100-278152

TOTOLINK T10 4.1.8cu.5207 /cgi-bin/cstecgi.cgi setTracerouteCfg command ବିସ୍ତାରିତ ଅଧିକାର

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame TOTOLINK T10 4.1.8cu.5207 keessatti argameera. Miidhaan irra gahe is hojii setTracerouteCfg faayilii /cgi-bin/cstecgi.cgi keessa. Dhugumatti jijjiirraa irratti raawwatame command gara ବିସ୍ତାରିତ ଅଧିକାର geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-78 si geessa. Beekumsi kun yeroo 09/19/2024 ifoomsifameera. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2024-9001 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Once again VulDB remains the best source for vulnerability data.

2 ଆଡାପ୍ଟେସନ୍ · 76 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 09/19/2024 04:27 PM	ଅଦ୍ୟତନ 1/1 09/20/2024 10:45 AM
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	L	L
cvss4_vuldb_vi	L	L
cvss4_vuldb_va	L	L
cvss4_vuldb_e	P	P
cvss2_vuldb_au	S	S
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_pr	L	L
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7
cvss3_meta_basescore	6.3	6.3
cvss3_meta_tempscore	5.7	6.0
cvss4_vuldb_bscore	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1
advisory_date	1726696800 (09/19/2024)	1726696800 (09/19/2024)
price_0day	$0-$5k	$0-$5k
software_vendor	TOTOLINK	TOTOLINK
software_name	T10	T10
software_version	4.1.8cu.5207	4.1.8cu.5207
software_file	/cgi-bin/cstecgi.cgi	/cgi-bin/cstecgi.cgi
software_function	setTracerouteCfg	setTracerouteCfg
software_argument	command	command
vulnerability_cwe	CWE-78 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-78 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://github.com/C9Y57/TOTOLINK_setTracerouteCfg/blob/main/setTracerouteCfg.md	https://github.com/C9Y57/TOTOLINK_setTracerouteCfg/blob/main/setTracerouteCfg.md
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://github.com/C9Y57/TOTOLINK_setTracerouteCfg/blob/main/setTracerouteCfg.md	https://github.com/C9Y57/TOTOLINK_setTracerouteCfg/blob/main/setTracerouteCfg.md
source_cve	CVE-2024-9001	CVE-2024-9001
cna_responsible	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	POC	POC
cvss2_cna_au		S
cvss2_cna_ci		P
cvss2_cna_ii		P
cvss2_cna_ai		P
cvss2_cna_basescore		6.5
cve_nvd_summary		A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cve_nvd_summaryes		Se ha encontrado una vulnerabilidad en TOTOLINK T10 4.1.8cu.5207. Se ha declarado como crítica. Esta vulnerabilidad afecta a la función setTracerouteCfg del archivo /cgi-bin/cstecgi.cgi. La manipulación del comando argument provoca la inyección de comandos del sistema operativo. El ataque se puede iniciar de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó primeramente con el proveedor sobre esta revelación, pero no respondió de ninguna manera.
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		L
cvss3_cna_i		L
cvss3_cna_a		L
cvss3_cna_basescore		6.3
cvss2_cna_av		N
cvss2_cna_ac		L

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you know our Splunk app?

Download it now for free!