Vulnerability Details CVE-2024-7907
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.9%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 6.5
References
Products affected by CVE-2024-7907
-
cpe:2.3:h:totolink:x6000r:-
-
cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.852_b20230719