Vulnerability-Lookup

CNVD-2025-15261

Vulnerability from cnvd - Published: 2025-07-08

Title

TOTOLINK A3600R cstecgi.cgi文件NTPSyncWithHost函数OS命令注入漏洞

Description

TOTOLINK A3600R是中国吉翁电子推出的6天线1200M无线路由器。 TOTOLINK A3600R存在OS命令注入漏洞，该漏洞位于/cgi-bin/cstecgi.cgi文件中的NTPSyncWithHost函数，源于对hostTime参数的处理不当，攻击者可利用该漏洞导致设备失效。

Severity

中

Patch Name

TOTOLINK A3600R cstecgi.cgi文件NTPSyncWithHost函数OS命令注入漏洞的补丁

Patch Description

TOTOLINK A3600R是中国吉翁电子推出的6天线1200M无线路由器。 TOTOLINK A3600R存在OS命令注入漏洞，该漏洞位于/cgi-bin/cstecgi.cgi文件中的NTPSyncWithHost函数，源于对hostTime参数的处理不当，攻击者可利用该漏洞导致设备失效。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/241/ids/36.html

Reference

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/NTPSyncWithHost.md https://vuldb.com/?submit.378038 https://vuldb.com/?ctiid.272592

Impacted products

Name
TOTOLINK A3600R 4.1.2cu.5182_B20201102

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-7171",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-7171"
    }
  },
  "description": "TOTOLINK A3600R\u662f\u4e2d\u56fd\u5409\u7fc1\u7535\u5b50\u63a8\u51fa\u76846\u5929\u7ebf1200M\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nTOTOLINK A3600R\u5b58\u5728OS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u4f4d\u4e8e/cgi-bin/cstecgi.cgi\u6587\u4ef6\u4e2d\u7684NTPSyncWithHost\u51fd\u6570\uff0c\u6e90\u4e8e\u5bf9hostTime\u53c2\u6570\u7684\u5904\u7406\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u5931\u6548\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.totolink.net/home/menu/detail/menu_listtpl/download/id/241/ids/36.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-15261",
  "openTime": "2025-07-08",
  "patchDescription": "TOTOLINK A3600R\u662f\u4e2d\u56fd\u5409\u7fc1\u7535\u5b50\u63a8\u51fa\u76846\u5929\u7ebf1200M\u65e0\u7ebf\u8def\u7531\u5668\u3002\r\n\r\nTOTOLINK A3600R\u5b58\u5728OS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u4f4d\u4e8e/cgi-bin/cstecgi.cgi\u6587\u4ef6\u4e2d\u7684NTPSyncWithHost\u51fd\u6570\uff0c\u6e90\u4e8e\u5bf9hostTime\u53c2\u6570\u7684\u5904\u7406\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u5931\u6548\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TOTOLINK A3600R cstecgi.cgi\u6587\u4ef6NTPSyncWithHost\u51fd\u6570OS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "TOTOLINK A3600R 4.1.2cu.5182_B20201102"
  },
  "referenceLink": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/NTPSyncWithHost.md\r\nhttps://vuldb.com/?submit.378038\r\nhttps://vuldb.com/?ctiid.272592",
  "serverity": "\u4e2d",
  "submitTime": "2024-07-29",
  "title": "TOTOLINK A3600R cstecgi.cgi\u6587\u4ef6NTPSyncWithHost\u51fd\u6570OS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-7171 (GCVE-0-2024-7171)

Vulnerability from cvelistv5 – Published: 2024-07-28 22:31 – Updated: 2024-08-01 21:52

Title

TOTOLINK A3600R cstecgi.cgi NTPSyncWithHost os command injection

Summary

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-78 - OS Command Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.272592	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.272592	signaturepermissions-required
	https://vuldb.com/?submit.378038	third-party-advisory
	https://github.com/abcdefg-png/IoT-vulnerable/blo…	exploit

Impacted products

	Vendor	Product	Version
	TOTOLINK	A3600R	Affected: 4.1.2cu.5182_B20201102

Credits

wxhwxhwxh_mie (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "a3600r_firmware",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "4.1.2cu.5182_b20201102"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7171",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T16:06:06.828101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T17:13:30.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272592 | TOTOLINK A3600R cstecgi.cgi NTPSyncWithHost os command injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272592"
          },
          {
            "name": "VDB-272592 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272592"
          },
          {
            "name": "Submit #378038 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.378038"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/NTPSyncWithHost.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "A3600R",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.2cu.5182_B20201102"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "wxhwxhwxh_mie (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine kritische Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 entdeckt. Es geht dabei um die Funktion NTPSyncWithHost der Datei /cgi-bin/cstecgi.cgi. Dank Manipulation des Arguments hostTime mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-28T22:31:03.790Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272592 | TOTOLINK A3600R cstecgi.cgi NTPSyncWithHost os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272592"
        },
        {
          "name": "VDB-272592 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272592"
        },
        {
          "name": "Submit #378038 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.378038"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/NTPSyncWithHost.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-28T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-28T07:39:32.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK A3600R cstecgi.cgi NTPSyncWithHost os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7171",
    "datePublished": "2024-07-28T22:31:03.790Z",
    "dateReserved": "2024-07-28T05:34:23.500Z",
    "dateUpdated": "2024-08-01T21:52:31.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-15261

CVE-2024-7171 (GCVE-0-2024-7171)

Tags

Sightings

Nomenclature