Cyber Resilience

CVE-2024-0297

HighPublic PoC

Published: 08 January 2024

Published
08 January 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0090 76.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-0297 is a high-severity OS Command Injection (CWE-78) vulnerability in Totolink N200Re Firmware. Its CVSS base score is 7.3 (High).

Operationally, ranked in the top 23.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-0297 is an OS command injection vulnerability affecting the Totolink N200RE router running firmware version 9.3.5u.6139_B20201216. It exists in the UploadFirmwareFile function within /cgi-bin/cstecgi.cgi, where unsanitized input to the FileName argument permits execution of arbitrary operating system commands, corresponding to CWE-78 and carrying a CVSS 3.1 base score of 7.3.

An unauthenticated attacker can exploit the issue remotely by submitting a crafted HTTP request to the device's web management interface, achieving limited control over confidentiality, integrity, and availability without requiring user interaction.

The vendor was notified prior to disclosure but provided no response or patch. Public exploit details have been released through repositories such as GitHub.

The associated EPSS score rose materially from a low starting value to a peak of 0.0656 on 2025-01-22 before receding, indicating a period of heightened exploitation interest after the vulnerability became public.

EU & UK References

Vulnerability details

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The…

more

exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

totolink
n200re firmware
9.3.5u.6139_b20201216

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References