Vulnerability Details CVE-2024-52723
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.1%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-52723
-
cpe:2.3:h:totolink:x6000r:-
-
cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.1041_b20240224