CVE-2024-57013
Published: 15 January 2025
Summary
CVE-2024-57013 is a high-severity OS Command Injection (CWE-78) vulnerability in Totolink X5000R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires input validation mechanisms at entry points like the 'switch' parameter to sanitize user input and block OS command injection.
Mandates identification, reporting, and timely patching of flaws like this firmware command injection vulnerability to prevent exploitation.
Enforces restrictions on information inputs at boundaries to limit the 'switch' parameter to safe values, preventing injection of arbitrary commands.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in internet-facing router web function directly enables remote exploitation of public-facing app (T1190) and Unix shell command execution (T1059.004).
NVD Description
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg.
Deeper analysisAI
CVE-2024-57013 is an OS command injection vulnerability (CWE-78) affecting the TOTOLINK X5000R router running firmware version V9.1.0cu.2350_B20230313. The flaw exists in the setScheduleCfg function, where the "switch" parameter fails to properly sanitize user input, allowing arbitrary command execution on the underlying operating system. The vulnerability received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
An attacker with low-privilege network access, such as an authenticated user, can exploit this vulnerability remotely with low complexity and no user interaction required. By crafting a malicious request to the vulnerable setScheduleCfg endpoint with injected commands in the "switch" parameter, the attacker can achieve high-impact outcomes, including unauthorized access to sensitive data (C:H), modification of system configurations or files (I:H), and disruption of router services (A:H), potentially leading to full device compromise.
Details on exploitation and analysis are documented in the GitHub advisory at https://github.com/tiger5671/Vulnerabilities/blob/main/TOTOLINK%20X5000R/setScheduleCfg/setScheduleCfg.md, while the vendor's website at https://www.totolink.net/ provides general support resources that may include relevant firmware updates or mitigation guidance.
Details
- CWE(s)