CVE-2024-57211
Published: 10 January 2025
Description
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Security Summary
CVE-2024-57211 is a command injection vulnerability (CWE-77) in the TOTOLINK A6000R router, specifically version V1.0.1-B20201211.2000. The issue resides in the enable_wsh function, where the modifyOne parameter fails to properly sanitize user input, allowing arbitrary command execution.
The vulnerability carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). An attacker with adjacent network access (AV:A) and low privileges (PR:L) can exploit it with low complexity and no user interaction, achieving high impacts on confidentiality, integrity, and availability in the unchanged scope. Successful exploitation enables remote command injection, potentially leading to full router compromise.
References point to a GitHub repository documenting the vulnerability and proof-of-concept: https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_11_enable_wsh/README.md. No vendor advisories or patches are specified in the available details.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection via web parameter in router firmware enables exploitation of public-facing application (T1190) and arbitrary command execution on the network device CLI (T1059.008).