Vulnerability Details CVE-2024-52723
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.2%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-52723
-
cpe:2.3:h:totolink:x6000r:-
-
cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.1041_b20240224