CVE-2024-57011
Published: 15 January 2025
Summary
CVE-2024-57011 is a high-severity OS Command Injection (CWE-78) vulnerability in Totolink X5000R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents OS command injection by requiring validation of unsanitized user inputs in parameters like 'minute' in setScheduleCfg.
Restricts 'minute' parameter inputs to valid formats such as numeric values 0-59, blocking malicious command strings.
Remediates the specific flaw in setScheduleCfg by identifying, patching, and verifying fixes for input sanitization deficiencies.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in network-exposed router web function directly enables remote exploitation of public-facing app (T1190) and arbitrary Unix shell command execution (T1059.004).
NVD Description
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg.
Deeper analysisAI
CVE-2024-57011, published on 2025-01-15, is an OS command injection vulnerability (CWE-78) affecting the TOTOLINK X5000R router firmware version V9.1.0cu.2350_B20230313. The issue resides in the setScheduleCfg function, where the "minute" parameters fail to properly sanitize user input, enabling attackers to inject and execute arbitrary operating system commands.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating network accessibility with low attack complexity. Exploitation requires low privileges, such as those of an authenticated user, and no user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, potentially resulting in full router compromise, including data theft, configuration changes, or denial of service.
Mitigation details can be found in the referenced advisories, including the vendor site at https://www.totolink.net/ and the vulnerability disclosure at https://github.com/tiger5671/Vulnerabilities/blob/main/TOTOLINK%20X5000R/setScheduleCfg/setScheduleCfg.md. Security practitioners should check these sources for patches or workarounds specific to the affected firmware.
Details
- CWE(s)