cnvd - cnvd-2024-36757

CNVD-2024-36757

Vulnerability from cnvd - Published: 2024-08-23

Title

TOTOLINK LR350命令注入漏洞

Description

TOTOLINK LR350是中国吉翁电子（TOTOLINK）公司的一款无线路由器。 TOTOLINK LR350 9.3.5u.6369_B20220309版本存在命令注入漏洞，该漏洞源于/cgi-bin/cstecgi.cgi页面的setWanCfg函数中的hostName参数未能正确过滤构造命令特殊字符、命令等。攻击者可利用该漏洞导致任意命令执行。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://vuldb.com/?id.272785

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-7214

Impacted products

Name
TOTOLINK LR350 9.3.5u.6369_B20220309

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-7214",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-7214"
    }
  },
  "description": "TOTOLINK LR350\u662f\u4e2d\u56fd\u5409\u7fc1\u7535\u5b50\uff08TOTOLINK\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nTOTOLINK LR350 9.3.5u.6369_B20220309\u7248\u672c\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e/cgi-bin/cstecgi.cgi\u9875\u9762\u7684setWanCfg\u51fd\u6570\u4e2d\u7684hostName\u53c2\u6570\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u547d\u4ee4\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://vuldb.com/?id.272785",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-36757",
  "openTime": "2024-08-23",
  "products": {
    "product": "TOTOLINK LR350 9.3.5u.6369_B20220309"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-7214",
  "serverity": "\u4e2d",
  "submitTime": "2024-08-02",
  "title": "TOTOLINK LR350\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-7214 (GCVE-0-2024-7214)

Vulnerability from cvelistv5 – Published: 2024-07-30 03:00 – Updated: 2024-08-01 21:52

Summary

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-77 - Command Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.272785	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.272785	signaturepermissions-required
	https://vuldb.com/?submit.378319	third-party-advisory
	https://github.com/abcdefg-png/IoT-vulnerable/blo…	exploit

Impacted products

	Vendor	Product	Version
	TOTOLINK	LR350	Affected: 9.3.5u.6369_B20220309

Credits

yhryhryhr_miemie (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:totolink:lr350:9.3.5u.6369_b20220309:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lr350",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.5u.6369_b20220309"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7214",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-30T14:37:05.291303Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-31T17:35:01.503Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272785 | TOTOLINK LR350 cstecgi.cgi setWanCfg command injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272785"
          },
          {
            "name": "VDB-272785 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272785"
          },
          {
            "name": "Submit #378319 | TOTOLINK LR350 V9.3.5u.6369_B20220309 Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.378319"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR350/setWanCfg.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LR350",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.5u.6369_B20220309"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yhryhryhr_miemie (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In TOTOLINK LR350 9.3.5u.6369_B20220309 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion setWanCfg der Datei /cgi-bin/cstecgi.cgi. Durch das Manipulieren des Arguments hostName mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-30T03:00:08.298Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272785 | TOTOLINK LR350 cstecgi.cgi setWanCfg command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272785"
        },
        {
          "name": "VDB-272785 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272785"
        },
        {
          "name": "Submit #378319 | TOTOLINK LR350 V9.3.5u.6369_B20220309 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.378319"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR350/setWanCfg.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-29T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-29T20:22:57.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK LR350 cstecgi.cgi setWanCfg command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7214",
    "datePublished": "2024-07-30T03:00:08.298Z",
    "dateReserved": "2024-07-29T18:17:40.060Z",
    "dateUpdated": "2024-08-01T21:52:31.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-36757

CVE-2024-7214 (GCVE-0-2024-7214)

Tags

Sightings

Nomenclature