CVE-2024-53333

Published: Nov 21, 2024Modified: Apr 4, 2025

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

Exploitability: 2.1 / Impact: 4.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.

Affected (1)

Products: Totolink: Ex200 Firmware

Totolink

1 product

Ex200 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink Ex200 Firmware	Version 4.0.3c.7646_b20201211

Running on/with	Platform Versions
Totolink Ex200	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (1)

https://github.com/luckysmallbird/Totolink-EX200-Vulnerability-1/blob/main/README.md

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.