CVE-2024-24328
Published: 30 January 2024
Summary
CVE-2024-24328 is a critical-severity OS Command Injection (CWE-78) vulnerability in Totolink A3300R Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 0.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
TOTOLINK A3300R firmware version V17.0.0cu.557_B20221024 contains a command injection vulnerability in the setMacFilterRules function. The flaw is triggered through the enable parameter and is classified under CWE-78, allowing arbitrary operating system command execution. The issue received a CVSS 3.1 score of 9.8, reflecting network attack vector, low attack complexity, and no required authentication or user interaction.
An unauthenticated remote attacker can supply a crafted enable value to the affected function, resulting in execution of arbitrary commands on the device with full system privileges. Successful exploitation grants complete control over the router, including the ability to read or modify configuration data, intercept traffic, or pivot to other hosts on the network.
The associated EPSS score stands at 0.8442 with an identical recorded peak, indicating sustained exploitation interest since disclosure. Public proof-of-concept material is available but no vendor advisory or firmware update addressing the issue has been referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-21750
Vulnerability details
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The command injection vulnerability in the router's web interface (setMacFilterRules enable parameter) enables exploitation of a public-facing application (T1190) and execution of arbitrary commands via the network device CLI (T1059.008).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.