cnvd - cnvd-2024-13542

CNVD-2024-13542

Vulnerability from cnvd - Published: 2024-03-14

Title

TOTOLINK X6000R操作系统命令注入漏洞

Description

TOTOLINK X6000R是中国吉翁电子（TOTOLINK）公司的一款无线路由器。 TOTOLINK X6000R 9.4.0cu.852_20230719版本存在操作系统命令注入漏洞，该漏洞源于组件 shttpd 中的 /cgi-bin/cstecgi.cgi中的setDiagnosisCfg函数存在安全问题，通过对参数ip导致操作系统命令注入。目前没有详细的漏洞细节提供。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://cxsecurity.com/cveshow/CVE-2024-2353/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-2353

Impacted products

Name
吉翁电子（深圳）有限公司 X6000R V9.4.0cu.852_B20230719

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-2353"
    }
  },
  "description": "TOTOLINK X6000R\u662f\u4e2d\u56fd\u5409\u7fc1\u7535\u5b50\uff08TOTOLINK\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nTOTOLINK X6000R 9.4.0cu.852_20230719\u7248\u672c\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7ec4\u4ef6 shttpd \u4e2d\u7684 /cgi-bin/cstecgi.cgi\u4e2d\u7684setDiagnosisCfg\u51fd\u6570\u5b58\u5728\u5b89\u5168\u95ee\u9898\uff0c\u901a\u8fc7\u5bf9\u53c2\u6570ip\u5bfc\u81f4\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://cxsecurity.com/cveshow/CVE-2024-2353/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-13542",
  "openTime": "2024-03-14",
  "products": {
    "product": "\u5409\u7fc1\u7535\u5b50\uff08\u6df1\u5733\uff09\u6709\u9650\u516c\u53f8 X6000R V9.4.0cu.852_B20230719"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-2353",
  "serverity": "\u9ad8",
  "submitTime": "2024-03-12",
  "title": "TOTOLINK X6000R\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-2353 (GCVE-0-2024-2353)

Vulnerability from cvelistv5 – Published: 2024-03-10 07:31 – Updated: 2024-08-12 13:49

Summary

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - OS Command Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.256313	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.256313	signaturepermissions-required
	https://github.com/OraclePi/repo/blob/main/totoli…	exploit

Impacted products

	Vendor	Product	Version
	Totolink	X6000R	Affected: 9.4.0cu.852_20230719

Credits

oraclepi (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:11:53.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-256313 | Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.256313"
          },
          {
            "name": "VDB-256313 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.256313"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.652_b20230116:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "x6000r_firmware",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "9.4.0cu.652_b20230116"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T17:39:33.110579Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T13:49:53.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "shttpd"
          ],
          "product": "X6000R",
          "vendor": "Totolink",
          "versions": [
            {
              "status": "affected",
              "version": "9.4.0cu.852_20230719"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "oraclepi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Totolink X6000R 9.4.0cu.852_20230719 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion setDiagnosisCfg der Datei /cgi-bin/cstecgi.cgi der Komponente shttpd. Mit der Manipulation des Arguments ip mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-10T07:31:04.225Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-256313 | Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.256313"
        },
        {
          "name": "VDB-256313 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.256313"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-03-09T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-03-09T18:01:16.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-2353",
    "datePublished": "2024-03-10T07:31:04.225Z",
    "dateReserved": "2024-03-09T16:56:06.223Z",
    "dateUpdated": "2024-08-12T13:49:53.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-13542

CVE-2024-2353 (GCVE-0-2024-2353)

Tags

Sightings

Nomenclature