Cyber Resilience

CVE-2024-24328

Critical · Public PoC · RCE

Published: 30 January 2024
Modified: 21 November 2024
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8442 (99.3rd percentile)
Risk Priority: 70 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-24328 is a critical-severity OS Command Injection (CWE-78) vulnerability in Totolink A3300R Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008). The CVE ranks in the top 0.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

TOTOLINK A3300R firmware version V17.0.0cu.557_B20221024 contains a command injection vulnerability in the setMacFilterRules function. The flaw is triggered through the enable parameter and is classified under CWE-78, allowing arbitrary operating system command execution. The issue received a CVSS 3.1 score of 9.8, reflecting a network attack vector, low attack complexity, and no required authentication or user interaction.

An unauthenticated remote attacker can supply a crafted enable value to the affected function, resulting in execution of arbitrary commands on the device with full system privileges. Successful exploitation grants complete control over the router, including the ability to read or modify configuration data, intercept traffic, or pivot to other hosts on the network.

The associated EPSS score stands at 0.8442, equal to its recorded peak, indicating sustained exploitation interest since disclosure. Public proof-of-concept material is available, but no vendor advisory or firmware update addressing the issue has been referenced.

Vulnerability details

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1059.008 Network Device CLI (Execution): Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The command injection vulnerability in the router's web interface (setMacFilterRules enable parameter) enables exploitation of a public-facing application (T1190) and execution of arbitrary commands via the network device CLI (T1059.008).

Affected Assets

Vendor: totolink
Product: a3300r firmware
Version: 17.0.0cu.557_b20221024

Mitigating Controls

Likely Mitigating Controls (AI-mapped)

Per-CVE control mapping has not yet run for this CVE; the controls below are derived from the weakness type (CWE) cited in the NVD entry.

Sandboxed or managed runtime (addresses CWE-78): Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

Input validation (addresses CWE-78): Validates inputs to block special elements that would alter OS command execution.
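To make the input-validation control concrete, the following C sketch is an added illustration and is not TOTOLINK's firmware code nor code from this page. It contrasts the generic CWE-78 pattern (a raw web parameter formatted into a shell command line) with a hardened handler for a boolean `enable` parameter: allowlist validation, a shell-metacharacter check that can serve as a logging or alerting signal at the web layer, and an argv array built for execv() so no shell ever parses user data. The helper name `macfilter_apply`, the function names and the `--enable` flag are hypothetical placeholders.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Illustrative CWE-78 pattern for a router web handler. Nothing here is
   TOTOLINK's code; "macfilter_apply" is a placeholder for whatever helper
   a firmware would invoke to apply MAC-filter settings. */

/* Allowlist check: the enable flag is a boolean, so only "0" or "1" is
   acceptable. Anything else, including trailing data, is rejected. */
int enable_is_valid(const char *value)
{
    if (value == NULL)
        return 0;
    return strcmp(value, "0") == 0 || strcmp(value, "1") == 0;
}

/* Detection helper: flags characters that change how a shell parses a
   command line. Useful for logging/alerting on rejected requests, but not
   a substitute for the allowlist above. Returns 1 if any are present. */
int has_shell_metachar(const char *value)
{
    static const char meta[] = ";|&$`<>(){}\n\r'\"\\";
    return value != NULL && strpbrk(value, meta) != NULL;
}

/* VULNERABLE pattern: the raw parameter is formatted straight into a
   shell command line. If this string reaches system() or popen(), any
   metacharacter in `enable` is interpreted by the shell. Shown for
   contrast only; returns 0 on success, -1 if the buffer is too small. */
int build_cmd_vulnerable(char *out, size_t outlen, const char *enable)
{
    int n = snprintf(out, outlen, "macfilter_apply --enable=%s", enable);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* HARDENED pattern: validate against the allowlist, map the value to a
   fixed string, and populate an argv array so the helper can be started
   with execv() (no shell involved). Returns the number of argv entries
   filled, or -1 if the input was rejected. */
int build_argv_hardened(const char *enable, const char *argv[], size_t max)
{
    static const char *flag_str[2] = { "0", "1" };
    if (max < 4 || !enable_is_valid(enable))
        return -1;
    int flag = enable[0] - '0';           /* 0 or 1 after validation */
    argv[0] = "macfilter_apply";          /* hypothetical helper name */
    argv[1] = "--enable";
    argv[2] = flag_str[flag];             /* never the raw user string */
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    /* Constructed sample inputs: two valid flags, then three that a
       boolean parameter should never accept. */
    const char *inputs[] = { "1", "0", "1;x", "1 ", "true" };
    char cmd[128];
    const char *argv[4];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int v = build_cmd_vulnerable(cmd, sizeof cmd, inputs[i]);
        int h = build_argv_hardened(inputs[i], argv, 4);
        printf("%-6s metachar=%d vulnerable=\"%s\" hardened=%s\n", inputs[i],
               has_shell_metachar(inputs[i]),
               v == 0 ? cmd : "(too long)",
               h > 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The point of the contrast is that the vulnerable builder passes "1;x" through unchanged, so whatever executes the string decides what ";" means, whereas the hardened builder rejects it before any command is assembled and, for valid input, emits only fixed strings it controls. In the hardened path the metacharacter check is purely informational; the allowlist does the enforcement.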
