Cyber Resilience

CVE-2024-24329

Critical · Public PoC · RCE

Published: 30 January 2024
Modified: 12 June 2025
KEV Added:
Patch:
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8329 (99.3rd percentile)
Risk Priority: 70 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-24329 is a critical-severity OS Command Injection (CWE-78) vulnerability in Totolink A3300R Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 0.7% of all CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

TOTOLINK A3300R routers running firmware version V17.0.0cu.557_B20221024 contain a command injection vulnerability in the setPortForwardRules function, where the enable parameter is passed to the underlying system shell without proper sanitization. The flaw is tracked as CVE-2024-24329 and is classified under CWE-78, carrying a CVSS 3.1 score of 9.8 that reflects network-accessible exploitation requiring neither authentication nor user interaction.

An unauthenticated attacker with network access can supply a crafted enable value to execute arbitrary operating-system commands on the device. Successful exploitation grants full control over the router, allowing an adversary to read or modify configuration data, intercept traffic, or pivot into the attached network.

Public proof-of-concept code has been posted to GitHub detailing the injection vector. The associated EPSS score currently stands at 0.8329, which is also its peak value to date, indicating sustained exploitation interest since disclosure.

EU & UK References

Vulnerability details

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.

CWE(s): CWE-78 (OS Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The command injection vulnerability in the router's web management interface (setPortForwardRules function via enable parameter) enables exploitation of a public-facing application (T1190) and facilitates arbitrary remote command execution on the underlying Unix shell (T1059.004).

Affected Assets

- Vendor: totolink
- Product: a3300r firmware
- Version: 17.0.0cu.557_b20221024

Mitigating Controls

Likely Mitigating Controls (AI-mapped)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.
- Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution.
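To make the input-validation control concrete for the weakness described above (a request field such as enable reaching a shell unsanitized), here is an added example written for this page, not code from TOTOLINK's firmware: the parameter names, the pf_params struct, the `pf_ctl` helper path and the unsafe-versus-hardened handler shapes are all assumptions. The hardened path allow-lists every field against its expected form and hands the values to an execv-style argv so no shell ever parses request data.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical request fields for a port-forward rule (assumed names). */
typedef struct {
    const char *enable;   /* expected: "0" or "1" */
    const char *proto;    /* expected: "tcp" or "udp" */
    const char *ext_port; /* expected: 1..65535 */
    const char *int_ip;   /* expected: dotted IPv4 */
} pf_params;

/* CWE-78 pattern: request data interpolated into a shell command line.
 * Anything in p->enable beyond "0"/"1" becomes part of what the shell runs. */
bool pf_unsafe_build(const pf_params *p, char *cmd, size_t cmdsz) {
    snprintf(cmd, cmdsz, "pf_ctl enable=%s proto=%s", p->enable, p->proto);
    return true; /* in the vulnerable pattern this is followed by system(cmd) */
}

/* Allow-list checks: accept only exactly the values each field may take. */
static bool is_enable_flag(const char *s) {
    return s && (strcmp(s, "0") == 0 || strcmp(s, "1") == 0);
}
static bool is_proto(const char *s) {
    return s && (strcmp(s, "tcp") == 0 || strcmp(s, "udp") == 0);
}
static bool is_port(const char *s) {
    if (!s || !*s || strlen(s) > 5) return false;
    for (const char *c = s; *c; c++) if (!isdigit((unsigned char)*c)) return false;
    long v = strtol(s, NULL, 10);
    return v >= 1 && v <= 65535;
}
static bool is_ipv4(const char *s) {
    unsigned a, b, c, d; char tail;
    if (!s || !isdigit((unsigned char)s[0])) return false;
    if (sscanf(s, "%3u.%3u.%3u.%3u%c", &a, &b, &c, &d, &tail) != 4) return false;
    return a < 256 && b < 256 && c < 256 && d < 256;
}

/* Hardened handler: reject the whole request if any field fails validation,
 * then build an argv for execv-style execution (no shell involved). */
bool pf_validate(const pf_params *p) {
    return is_enable_flag(p->enable) && is_proto(p->proto) &&
           is_port(p->ext_port) && is_ipv4(p->int_ip);
}
int pf_build_argv(const pf_params *p, const char *argv[6]) {
    if (!pf_validate(p)) return -1;           /* nothing is built on rejection */
    argv[0] = "/usr/sbin/pf_ctl"; argv[1] = p->enable; argv[2] = p->proto;
    argv[3] = p->ext_port; argv[4] = p->int_ip; argv[5] = NULL;
    return 0;
}
```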

References