Vulnerability Details CVE-2024-42741
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.09
EPSS Ranking 92.2%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-42741
-
cpe:2.3:h:totolink:x5000r:-
-
cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6369_b20230113