CVE-2024-34257

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-34257
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md
https://immense-mirror-b42.notion.site/TOTOLINK-EX1800T-has-an-unauthorized-arbitrary-command-execution-vulnerability-2f3e308f5e1d45a2b8a64f198cacc350
https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md
https://immense-mirror-b42.notion.site/TOTOLINK-EX1800T-has-an-unauthorized-arbitrary-command-execution-vulnerability-2f3e308f5e1d45a2b8a64f198cacc350
Configurations

No configuration.

History

21 Nov 2024, 09:18

Type Values Removed Values Added
References () https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md - () https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md -
References () https://immense-mirror-b42.notion.site/TOTOLINK-EX1800T-has-an-unauthorized-arbitrary-command-execution-vulnerability-2f3e308f5e1d45a2b8a64f198cacc350 - () https://immense-mirror-b42.notion.site/TOTOLINK-EX1800T-has-an-unauthorized-arbitrary-command-execution-vulnerability-2f3e308f5e1d45a2b8a64f198cacc350 -

01 Aug 2024, 19:36

Type Values Removed Values Added
CWE CWE-285
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

21 May 2024, 19:15

Type Values Removed Values Added
Summary
  • (es) TOTOLINK EX1800T V9.1.0cu.2112_B20220316 tiene una vulnerabilidad en el parámetro apcliEncrypType que permite la ejecución no autorizada de comandos arbitrarios, permitiendo a un atacante obtener privilegios de administrador del dispositivo.
References
  • () https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md -

08 May 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-08 17:15

Updated : 2024-11-21 09:18

NVD link : CVE-2024-34257

Mitre link : CVE-2024-34257

CVE.ORG link : CVE-2024-34257

JSON object : View

Products Affected

No product.

CWE
CWE-285

Improper Authorization