Vulnerability Details CVE-2024-34257
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.873
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md
- https://immense-mirror-b42.notion.site/TOTOLINK-EX1800T-has-an-unauthorized-arbitrary-command-execution-vulnerability-2f3e308f5e1d45a2b8a64f198cacc350
- https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md
- https://immense-mirror-b42.notion.site/TOTOLINK-EX1800T-has-an-unauthorized-arbitrary-command-execution-vulnerability-2f3e308f5e1d45a2b8a64f198cacc350
Products affected by CVE-2024-34257
-
cpe:2.3:h:totolink:ex1800t:-
-
cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316