Cyber Resilience

CVE-2024-42966

Critical · Public PoC

Published: 15 August 2024

Modified: 24 October 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (40.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-42966 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in TOTOLINK N350RT firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 40.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.

CWE(s)

CWE-863 Incorrect Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1602.002 Network Device Configuration Dump (tactic: Collection)
Adversaries may access network configuration files to collect sensitive data about the device and the network.
Why these techniques?

The vulnerability enables unauthenticated access to the router's configuration file containing usernames and passwords via a crafted web request, facilitating exploitation for credential access (T1212) and network device configuration dump (T1602.002).

Affected Assets

Vendor: totolink
Product: n350rt firmware
Version: 9.3.5u.6139_b20201216

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-863

Periodic review and update of procedures reduces incorrect authorization implementations over time.

addresses: CWE-863

Supervision identifies cases where authorization logic incorrectly permits unauthorized actions.

addresses: CWE-863

Defining permitted attribute values and auditing modifications reduces the chance of incorrect authorization outcomes due to tampered or missing labels.

addresses: CWE-863

The authorization process and usage restrictions help prevent incorrect authorization for remote access types.

addresses: CWE-863

Establishing configuration and connection requirements helps ensure that authorization for wireless access is implemented correctly.

addresses: CWE-863

Establishing connection authorization processes for mobile devices helps ensure that authorization decisions are implemented correctly.

addresses: CWE-863

Monitoring account use, notifying on changes, and reviewing accounts for compliance corrects incorrect authorization assignments.

addresses: CWE-863

Ensures authorization decisions for external system use are correctly implemented and enforced.
