Vulnerability Details CVE-2024-42745
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.161
EPSS Ranking 94.5%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2024-42745
-
cpe:2.3:h:totolink:x5000r:-
-
cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6369_b20230113