cnvd - cnvd-2025-13901

CNVD-2025-13901

Vulnerability from cnvd - Published: 2025-06-27

Title

TOTOLINK A3600R OS命令注入漏洞

Description

TOTOLINK A3600R是一款由中国吉翁电子（TOTOLINK）公司生产的6天线1200M无线路由器‌。 TOTOLINK A3600R存在OS命令注入漏洞。该漏洞源于/cgi-bin/cstecgi.cgi文件中源于对ipDomain参数的处理不当。攻击者可利用该漏洞导致设备失效或被用于其他恶意活动等严重后果。

Severity

中

Formal description

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： https://www.totolink.net/

Reference

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setDiagnosisCfg.md https://vuldb.com/?submit.378042 https://vuldb.com/?ctiid.272596

Impacted products

Name
TOTOLINK A3600R 4.1.2cu.5182_B20201102

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-7175",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-7175"
    }
  },
  "description": "TOTOLINK A3600R\u662f\u4e00\u6b3e\u7531\u4e2d\u56fd\u5409\u7fc1\u7535\u5b50\uff08TOTOLINK\uff09\u516c\u53f8\u751f\u4ea7\u76846\u5929\u7ebf1200M\u65e0\u7ebf\u8def\u7531\u5668\u200c\u3002\n\nTOTOLINK A3600R\u5b58\u5728OS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e/cgi-bin/cstecgi.cgi\u6587\u4ef6\u4e2d\u6e90\u4e8e\u5bf9ipDomain\u53c2\u6570\u7684\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u5931\u6548\u6216\u88ab\u7528\u4e8e\u5176\u4ed6\u6076\u610f\u6d3b\u52a8\u7b49\u4e25\u91cd\u540e\u679c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.totolink.net/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-13901",
  "openTime": "2025-06-27",
  "products": {
    "product": "TOTOLINK A3600R 4.1.2cu.5182_B20201102"
  },
  "referenceLink": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setDiagnosisCfg.md\r\nhttps://vuldb.com/?submit.378042\r\nhttps://vuldb.com/?ctiid.272596",
  "serverity": "\u4e2d",
  "submitTime": "2024-07-29",
  "title": "TOTOLINK A3600R OS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-7175 (GCVE-0-2024-7175)

Vulnerability from cvelistv5 – Published: 2024-07-29 00:31 – Updated: 2024-08-01 21:52

Title

TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection

Summary

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272596. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-78 - OS Command Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.272596	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.272596	signaturepermissions-required
	https://vuldb.com/?submit.378042	third-party-advisory
	https://github.com/abcdefg-png/IoT-vulnerable/blo…	exploit

Impacted products

	Vendor	Product	Version
	TOTOLINK	A3600R	Affected: 4.1.2cu.5182_B20201102

Credits

wxhwxhwxh_mie (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:totolink:a3600r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "a3600r_firmware",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "4.1.2cu.5182_b20201102"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7175",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T17:47:53.428279Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T20:56:35.684Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:30.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272596 | TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272596"
          },
          {
            "name": "VDB-272596 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272596"
          },
          {
            "name": "Submit #378042 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.378042"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setDiagnosisCfg.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "A3600R",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.2cu.5182_B20201102"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "wxhwxhwxh_mie (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272596. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion setDiagnosisCfg der Datei /cgi-bin/cstecgi.cgi. Mittels dem Manipulieren des Arguments ipDoamin mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-29T00:31:04.158Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272596 | TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272596"
        },
        {
          "name": "VDB-272596 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272596"
        },
        {
          "name": "Submit #378042 | TOTOLINK A3600R V4.1.2cu.5182_B20201102 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.378042"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setDiagnosisCfg.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-28T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-28T07:39:59.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7175",
    "datePublished": "2024-07-29T00:31:04.158Z",
    "dateReserved": "2024-07-28T05:34:53.160Z",
    "dateUpdated": "2024-08-01T21:52:30.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-13901

CVE-2024-7175 (GCVE-0-2024-7175)

Tags

Sightings

Nomenclature