CVE-2024-34257
Published: 08 May 2024
Summary
CVE-2024-34257 is a critical-severity Improper Authorization (CWE-285) vulnerability in Totolink Ex1800T Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 0.5% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
TOTOLINK EX1800T firmware version V9.1.0cu.2112_B20220316 contains an improper authorization flaw (CWE-285) in the apcliEncrypType parameter. The vulnerability permits unauthenticated remote attackers to execute arbitrary commands on the device, resulting in full administrator control. It carries a CVSS 3.1 base score of 9.8, reflecting a network attack vector, low attack complexity, no privileges or user interaction required, and high impact to confidentiality, integrity, and availability.
An attacker with network access can directly submit crafted requests that abuse the parameter to run operating-system commands without any credentials or user interaction. Successful exploitation grants complete administrative privileges on the affected wireless router, enabling persistent access, configuration changes, or further lateral movement within the target network.
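As an added illustration (this is not TOTOLINK's firmware code, which is not public), the block below reconstructs the bug class in C: a handler that pastes the apcliEncrypType request parameter into a shell command line, next to a hardened handler that first requires an authenticated session (the CWE-285 half of the problem) and then accepts only an exact-match allowlist of encryption-type values, storing the setting without going through a shell. The allowlist values and the iwpriv command line are assumptions made for the example; the vulnerable variant returns the command string instead of calling system() so the program is safe to run.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Values the AP-client encryption type may take; assumed for this example. */
static const char *const ALLOWED_ENCRYP_TYPES[] = { "NONE", "WEP", "TKIP", "AES", "TKIPAES" };

/* Vulnerable pattern: the request parameter is pasted verbatim into a shell command.
   The "iwpriv" invocation is a placeholder for whatever the firmware really runs.
   The string is returned rather than passed to system() so this example is safe. */
const char *build_cmd_vulnerable(const char *apcli_encryp_type) {
    static char cmd[512];
    snprintf(cmd, sizeof cmd, "iwpriv apcli0 set ApCliEncrypType=%s", apcli_encryp_type);
    return cmd; /* system(cmd) on "AES; reboot" would run two commands */
}

/* Exact-match allowlist: anything that is not a known value is rejected outright. */
bool is_allowed_encryp_type(const char *v) {
    size_t n = sizeof ALLOWED_ENCRYP_TYPES / sizeof ALLOWED_ENCRYP_TYPES[0];
    for (size_t i = 0; i < n; i++)
        if (strcmp(v, ALLOWED_ENCRYP_TYPES[i]) == 0)
            return true;
    return false;
}

/* Device state the handler updates; stands in for the firmware's real config store. */
static char g_apcli_encryp_type[16] = "NONE";

const char *current_encryp_type(void) { return g_apcli_encryp_type; }

/* Hardened handler. Return codes: 0 = applied, 1 = no authenticated session,
   2 = value not on the allowlist. Authorization is checked before anything else,
   the value is validated against the allowlist, and the setting is stored directly
   instead of being interpolated into a shell command. */
int apply_encryp_type_hardened(bool session_authenticated, const char *v) {
    if (!session_authenticated)
        return 1;
    if (!is_allowed_encryp_type(v))
        return 2;
    snprintf(g_apcli_encryp_type, sizeof g_apcli_encryp_type, "%s", v);
    return 0;
}

int main(void) {
    const char *injected = "AES; reboot"; /* constructed attacker-controlled value */
    printf("vulnerable command line : %s\n", build_cmd_vulnerable(injected));
    printf("unauthenticated, AES    : rc=%d\n", apply_encryp_type_hardened(false, "AES"));
    printf("authenticated, injected : rc=%d\n", apply_encryp_type_hardened(true, injected));
    printf("authenticated, AES      : rc=%d (stored=%s)\n",
           apply_encryp_type_hardened(true, "AES"), current_encryp_type());
    return 0;
}
```

The two checks are independent: the allowlist alone would stop command injection but still let an unauthenticated client change the wireless uplink settings, and an authentication check alone would still leave an authenticated admin able to run arbitrary commands through the shell sink. Both are needed, and the shell should not be in the path at all.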
The current EPSS score of 0.8844, with a recorded peak of 0.8962, indicates a high likelihood of exploitation in the wild. Public technical reports detail the parameter manipulation but do not reference vendor patches or official mitigation guidance. Until fixed firmware is available, devices whose web management interface is reachable from the WAN or from untrusted network segments should be treated as exposed, and access to that interface should be restricted to trusted administrative hosts.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-34717
Vulnerability details
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.
- CWE-285: Improper Authorization
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The vulnerability enables unauthenticated arbitrary command execution via a web parameter on a public-facing router, facilitating exploitation of public-facing applications (T1190), network device CLI execution (T1059.008), and privilege escalation to administrator (T1068).
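A detection-side complement to the technique mapping above, added here as an example and not part of the original page or any vendor tooling: it scans web-server access log lines for the apcliEncrypType parameter and flags values that carry shell metacharacters, including URL-encoded ones, which is the request shape an attacker needs for T1190 against this parameter. The log format, client addresses and the request path /cgi-bin/cstecgi.cgi are constructed for the example; the advisory names only the parameter, not the endpoint.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <stdbool.h>

/* Constructed access-log lines in Combined Log style. The endpoint path is a
   placeholder; only the parameter name comes from the advisory. */
const char *const SAMPLE_LOG[] = {
    "192.0.2.10 - - [08/May/2024:10:00:01 +0000] \"GET /cgi-bin/cstecgi.cgi?apcliEncrypType=AES&apcliSsid=office HTTP/1.1\" 200 512",
    "198.51.100.7 - - [08/May/2024:10:00:09 +0000] \"GET /cgi-bin/cstecgi.cgi?apcliEncrypType=AES;id HTTP/1.1\" 200 512",
    "198.51.100.7 - - [08/May/2024:10:00:11 +0000] \"GET /cgi-bin/cstecgi.cgi?apcliEncrypType=AES%60telnetd%60&x=1 HTTP/1.1\" 200 512",
    "192.0.2.10 - - [08/May/2024:10:01:00 +0000] \"GET /index.html HTTP/1.1\" 200 2048",
};
const size_t SAMPLE_LOG_LEN = sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0];

static const char PARAM[] = "apcliEncrypType=";

/* Copy the raw value of apcliEncrypType (up to '&', space or quote) into out.
   Returns false when the parameter does not appear in the line. */
static bool extract_param(const char *line, char *out, size_t outlen) {
    const char *p = strstr(line, PARAM);
    if (!p)
        return false;
    p += sizeof PARAM - 1;
    size_t i = 0;
    while (*p && *p != '&' && *p != ' ' && *p != '"' && i + 1 < outlen)
        out[i++] = *p++;
    out[i] = '\0';
    return true;
}

/* Decode %XX escapes in place so encoded metacharacters are not missed.
   Malformed escapes are left untouched. */
static void url_decode(char *s) {
    char *w = s;
    const char *r = s;
    while (*r) {
        if (*r == '%' && isxdigit((unsigned char)r[1]) && isxdigit((unsigned char)r[2])) {
            char hex[3] = { r[1], r[2], '\0' };
            *w++ = (char)strtol(hex, NULL, 16);
            r += 3;
        } else {
            *w++ = *r++;
        }
    }
    *w = '\0';
}

/* Characters that let a value break out of a shell argument. */
static bool has_shell_metachar(const char *s) {
    return strpbrk(s, ";|&`$(){}<>\n\r") != NULL;
}

/* 1 if the line carries a suspicious apcliEncrypType value, otherwise 0. */
int scan_log_line(const char *line) {
    char value[256];
    if (!extract_param(line, value, sizeof value))
        return 0;
    url_decode(value);
    return has_shell_metachar(value) ? 1 : 0;
}

int count_suspicious(const char *const *lines, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += scan_log_line(lines[i]);
    return hits;
}

int main(void) {
    for (size_t i = 0; i < SAMPLE_LOG_LEN; i++)
        printf("%s  %s\n", scan_log_line(SAMPLE_LOG[i]) ? "ALERT " : "ok    ", SAMPLE_LOG[i]);
    printf("suspicious requests: %d\n", count_suspicious(SAMPLE_LOG, SAMPLE_LOG_LEN));
    return 0;
}
```

Matching on metacharacters rather than on a known payload keeps the rule independent of any particular proof-of-concept; a stricter variant would alert on any apcliEncrypType value outside the small set of legitimate encryption-type names, at the cost of tracking that set per firmware build.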
Affected Assets
- TOTOLINK EX1800T firmware V9.1.0cu.2112_B20220316
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Documented procedures facilitate correct implementation and ongoing management of authorization decisions.
- Periodic reviews identify and correct flaws in authorization decisions or enforcement.
- The control's documentation requirement reduces improper authorization by ensuring only mission-justified actions bypass authentication.
- Establishing permitted attributes and values, plus auditing changes, ensures authorization decisions are based on correctly managed policy data.
- Explicitly mandates authorizing remote access types before permitting connections, directly mitigating improper authorization.
- The control explicitly requires authorization of each wireless access type prior to permitting connections.
- Mandating explicit authorization of mobile device connections reduces the risk of improper authorization decisions for system access.
- Specifying access authorizations for each account and requiring approvals for account requests enforces proper authorization decisions.