A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
The severity of this vulnerability is classified as low, with a CVSS base score of 2.1. Despite the low score, organizations should remain vigilant as the potential for exploitation exists, especially given that the exploit is publicly available.
Risk to organizations includes unauthorized command execution, which could lead to further compromises or unauthorized data access. Organizations should prioritize patching immediately.
Given the remote exploitability, it is vital that affected organizations take swift action to mitigate this vulnerability. The urgency for defenders is heightened due to the availability of the exploit.
Vulnerability Details
The vulnerability allows an attacker to inject arbitrary commands through the ip parameter. The CVSS score of 2.1 reflects a low severity, primarily due to the limited impact scope and the requirement for low privileges. The affected version is Totolink LR350 firmware version 9.3.5u.6369_B20220309.
Technical Analysis
The root cause of the vulnerability lies in insufficient validation of user-supplied input in the POST request handler. This allows attackers to craft malicious requests, leading to command injection. The attack vector is network-based, and the complexity is low, as no special conditions need to be met for exploitation.
Risk & Impact Analysis
Real-world deployment risk is present due to the remote nature of the attack. Organizations must recognize that while the CVSS score is low, the risk of exploitation exists, especially in environments where the Totolink LR350 is deployed. The potential blast radius could affect multiple devices if exploited on a network.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | Yes |
| Public PoC | Yes |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected version is Totolink LR350 firmware version 9.3.5u.6369_B20220309. Organizations should ensure that they are using the latest firmware to mitigate this vulnerability.
Mitigation & Remediation
Organizations should prioritize upgrading to the latest firmware version from Totolink. If a patch is unavailable, network controls should be implemented to restrict external access to the affected component. Additionally, organizations should consider conducting a thorough security assessment through penetration testing to identify and remediate similar vulnerabilities.
Detection Guidance
To detect potential exploitation of this vulnerability, organizations should monitor for unusual POST requests to the /cgi-bin/cstecgi.cgi endpoint. Additionally, log analysis should include tracking command execution anomalies that do not align with normal operations.
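One way to turn the guidance above into a concrete check, as an added example that is not part of the original advisory: it scans request records for POST requests to /cgi-bin/cstecgi.cgi that invoke setDiagnosisCfg and flags any `ip` value that is not a syntactically valid IP address, which catches injected shell metacharacters without having to enumerate them. The record layout (src, method, uri, body), the `topicurl` field used to name the function, and the JSON/form-encoded body handling are assumptions for illustration, not a documented Totolink log or request format.

```python
import ipaddress
import json
from urllib.parse import parse_qs

TARGET_URI = "/cgi-bin/cstecgi.cgi"
TARGET_FUNC = "setDiagnosisCfg"

# Constructed sample records; the field layout and the "topicurl" key are
# assumed for this example, not taken from a real device or proxy log.
SAMPLE_RECORDS = [
    {"src": "192.0.2.10", "method": "POST", "uri": TARGET_URI,
     "body": '{"topicurl": "setDiagnosisCfg", "ip": "10.0.0.5"}'},
    {"src": "203.0.113.7", "method": "POST", "uri": TARGET_URI,
     "body": '{"topicurl": "setDiagnosisCfg", "ip": "10.0.0.5;x"}'},
    {"src": "203.0.113.8", "method": "POST", "uri": TARGET_URI,
     "body": "topicurl=setDiagnosisCfg&ip=10.0.0.5%60x%60"},
    {"src": "192.0.2.11", "method": "GET", "uri": "/index.html", "body": ""},
]


def extract_ip(body: str):
    """Return the `ip` value from a JSON or form-encoded body, or None."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return data.get("ip")
    except ValueError:
        pass  # not JSON; fall through to form decoding (also percent-decodes)
    return parse_qs(body).get("ip", [None])[0]


def is_valid_ip(value) -> bool:
    """Allowlist check: only a well-formed IPv4/IPv6 literal is acceptable."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def analyse(records):
    """Return (source, reason) findings for suspicious setDiagnosisCfg calls."""
    findings = []
    for rec in records:
        if rec.get("method") != "POST" or rec.get("uri") != TARGET_URI:
            continue
        body = rec.get("body") or ""
        if TARGET_FUNC.lower() not in body.lower():
            continue
        ip = extract_ip(body)
        if ip is None:
            findings.append((rec.get("src"), "missing-ip"))
        elif not is_valid_ip(ip):
            findings.append((rec.get("src"), "non-ip-value"))
    return findings
```

Feeding the same check with real proxy or syslog exports only requires adapting the record layout; the allowlist test on the `ip` field stays the same.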
AppSecure Threat Intelligence Insight
The identification of this vulnerability highlights the ongoing risks associated with command injection flaws in network devices. Security teams should remain vigilant for similar patterns in their own environments. For further insights, organizations can benefit from exploring our vulnerability management program and consider our penetration testing methodology for enhanced security posture.
Moreover, organizations should engage in proactive measures to assess their security frameworks continually, as highlighted in our article on penetration testing costs to better allocate resources for effective remediation.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.