CVE-2024-57012
Published: 15 January 2025
Summary
CVE-2024-57012 is a high-severity OS Command Injection (CWE-78) vulnerability in Totolink X5000R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation and sanitization of the 'week' parameter to block OS command injection in setScheduleCfg.
Ensures timely remediation of the command injection flaw through firmware updates as recommended by the vendor.
Restricts the 'week' parameter to valid schedule values, preventing injection of arbitrary OS commands.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in public-facing router firmware directly enables T1190 exploitation and Unix shell command execution via T1059.004.
NVD Description
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.
Deeper analysisAI
CVE-2024-57012, published on 2025-01-15, is an OS command injection vulnerability (CWE-78) affecting the TOTOLINK X5000R router firmware version V9.1.0cu.2350_B20230313. The issue resides in the setScheduleCfg function, where the "week" parameter fails to properly sanitize user input, allowing injection of arbitrary operating system commands. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). By crafting malicious input for the "week" parameter, an authenticated user can execute arbitrary OS commands on the device, achieving high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H). This could enable full router compromise, such as data exfiltration, persistent access, or disruption of network services.
Mitigation guidance and patch information can be found on the vendor's website at https://www.totolink.net/ and in the detailed disclosure at https://github.com/tiger5671/Vulnerabilities/blob/main/TOTOLINK%20X5000R/setScheduleCfg/setScheduleCfg.md. Security practitioners should verify firmware updates and apply input validation or access controls to the affected endpoint as interim measures.
Details
- CWE(s)