cnvd - cnvd-2024-13542

cnvd-2024-13542

Vulnerability from cnvd

Title: TOTOLINK X6000R操作系统命令注入漏洞

Description:

TOTOLINK X6000R是中国吉翁电子（TOTOLINK）公司的一款无线路由器。

TOTOLINK X6000R 9.4.0cu.852_20230719版本存在操作系统命令注入漏洞，该漏洞源于组件 shttpd 中的 /cgi-bin/cstecgi.cgi中的setDiagnosisCfg函数存在安全问题，通过对参数ip导致操作系统命令注入。目前没有详细的漏洞细节提供。

Severity: 高

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://cxsecurity.com/cveshow/CVE-2024-2353/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-2353

Impacted products

Name
吉翁电子（深圳）有限公司 X6000R V9.4.0cu.852_B20230719

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-2353"
    }
  },
  "description": "TOTOLINK X6000R\u662f\u4e2d\u56fd\u5409\u7fc1\u7535\u5b50\uff08TOTOLINK\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nTOTOLINK X6000R 9.4.0cu.852_20230719\u7248\u672c\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7ec4\u4ef6 shttpd \u4e2d\u7684 /cgi-bin/cstecgi.cgi\u4e2d\u7684setDiagnosisCfg\u51fd\u6570\u5b58\u5728\u5b89\u5168\u95ee\u9898\uff0c\u901a\u8fc7\u5bf9\u53c2\u6570ip\u5bfc\u81f4\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://cxsecurity.com/cveshow/CVE-2024-2353/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-13542",
  "openTime": "2024-03-14",
  "products": {
    "product": "\u5409\u7fc1\u7535\u5b50\uff08\u6df1\u5733\uff09\u6709\u9650\u516c\u53f8 X6000R V9.4.0cu.852_B20230719"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-2353",
  "serverity": "\u9ad8",
  "submitTime": "2024-03-12",
  "title": "TOTOLINK X6000R\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-2353 (GCVE-0-2024-2353)

Vulnerability from cvelistv5

Published

2024-03-10 07:31

Modified

2024-08-12 13:49

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - OS Command Injection

Summary

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

▼	URL	Tags
	https://vuldb.com/?id.256313	vdb-entry, technical-description
	https://vuldb.com/?ctiid.256313	signature, permissions-required
	https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md	exploit

Impacted products

	Vendor	Product	Version
	Totolink	X6000R	Version: 9.4.0cu.852_20230719

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:11:53.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-256313 | Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.256313"
          },
          {
            "name": "VDB-256313 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.256313"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.652_b20230116:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "x6000r_firmware",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "9.4.0cu.652_b20230116"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T17:39:33.110579Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T13:49:53.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "shttpd"
          ],
          "product": "X6000R",
          "vendor": "Totolink",
          "versions": [
            {
              "status": "affected",
              "version": "9.4.0cu.852_20230719"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "oraclepi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Totolink X6000R 9.4.0cu.852_20230719 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion setDiagnosisCfg der Datei /cgi-bin/cstecgi.cgi der Komponente shttpd. Mit der Manipulation des Arguments ip mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-10T07:31:04.225Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-256313 | Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.256313"
        },
        {
          "name": "VDB-256313 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.256313"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-03-09T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-03-09T18:01:16.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-2353",
    "datePublished": "2024-03-10T07:31:04.225Z",
    "dateReserved": "2024-03-09T16:56:06.223Z",
    "dateUpdated": "2024-08-12T13:49:53.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted