A critical vulnerability, CVE-2024-2353, has been identified in Totolink X6000R firmware version 9.4.0cu.852_20230719. The flaw lies in the function setDiagnosisCfg of the shttpd component, in the file /cgi-bin/cstecgi.cgi. A remote attacker can exploit it by manipulating the 'ip' argument, which results in OS command injection and allows execution of arbitrary OS commands on the device. The vendor was notified early but has not responded, and the exploit is now publicly available, which raises the risk for systems running the affected firmware.
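The defensive check implied by the flaw is strict validation of the 'ip' argument before it reaches any command, together with flagging requests to the affected endpoint whose 'ip' value is not a bare IP literal. The example below is added here and is not Totolink's code or part of the advisory; the request shape (a JSON body with a `topicurl` key naming the function) and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress
import json
from typing import Iterable

# Endpoint and function named in the advisory. The JSON body layout and the
# "topicurl" selector key are assumptions for this example.
CGI_PATH = "/cgi-bin/cstecgi.cgi"
TARGET_FUNC = "setDiagnosisCfg"


def is_strict_ip(value) -> bool:
    """True only for a bare IPv4/IPv6 literal. Shell metacharacters,
    whitespace, hostnames and non-strings are all rejected."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def classify(path: str, body: str) -> str:
    """Classify one captured request: 'ignore', 'ok' or 'suspect'."""
    if path.split("?", 1)[0] != CGI_PATH:
        return "ignore"
    try:
        args = json.loads(body)
    except ValueError:
        return "ignore"  # not a JSON call to the CGI; out of scope here
    if not isinstance(args, dict) or args.get("topicurl") != TARGET_FUNC:
        return "ignore"
    # The 'ip' argument must be nothing but an address; anything else is
    # exactly what a command-injection attempt would look like.
    if "ip" in args and not is_strict_ip(args["ip"]):
        return "suspect"
    return "ok"


def scan(requests: Iterable[tuple]) -> list:
    """Return the indexes of requests classified as 'suspect'."""
    return [i for i, (p, b) in enumerate(requests) if classify(p, b) == "suspect"]


# Constructed sample traffic (not captured data): a benign call, a call with a
# non-address value in 'ip', an unrelated CGI function, and a static page.
SAMPLE_REQUESTS = [
    (CGI_PATH, '{"topicurl": "setDiagnosisCfg", "ip": "192.0.2.10"}'),
    (CGI_PATH, '{"topicurl": "setDiagnosisCfg", "ip": "192.0.2.10;cmd"}'),
    (CGI_PATH, '{"topicurl": "otherFunction", "value": "x"}'),
    ("/index.html", ""),
]
```

Running `scan(SAMPLE_REQUESTS)` flags only the second request; the same `is_strict_ip` check is what the CGI handler itself should apply before using the value.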
The impact of this vulnerability goes beyond data exposure: a successful exploit can compromise the integrity of the device and grant unauthorized access to sensitive information. Urgent remedial action is therefore needed to reduce the risk of exploitation. Organizations running Totolink X6000R firmware should promptly apply any available patches or updates that address this vulnerability. Heightened vigilance and proactive monitoring are also essential so that any attempted exploitation is detected and responded to quickly.