6.8
CVE-2024-51228
- EPSS 63.24%
- Published 27.11.2024 17:15:12
- Last modified 29.11.2024 20:15:20
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Vendortotolink
≫
Product
a3002ru_firmware
Default Statusunknown
Version
1.0.4-B20171106.1512
Status
affected
Vendortotolink
≫
Product
n150rt_firmware
Default Statusunknown
Version
2.1.6-B20171121.1002
Status
affected
Vendortotolink
≫
Product
n300rt_firmware
Default Statusunknown
Version
2.1.6-B20170724.1420
Status
affected
Version
2.1.8-B20171113.1408
Status
affected
Version
2.1.8-B20191010.1107
Status
affected
Vendortotolink
≫
Product
n302re_firmware
Default Statusunknown
Version
2.0.2-B20170511.1523
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 63.24% | 0.983 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.