CVE-2024-57017
Published: 15 January 2025
Summary
CVE-2024-57017 is a high-severity OS Command Injection (CWE-78) vulnerability in Totolink X5000R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 14.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 mandates input validation and error handling at system boundaries, directly preventing OS command injection via insufficiently validated 'pass' parameter in setVpnAccountCfg.
SI-9 enforces restrictions on information inputs such as character sets and formats, blocking malicious payloads in the 'pass' parameter that enable command injection.
SI-2 requires timely identification, reporting, and correction of flaws like this OS command injection vulnerability through patching or code remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in the authenticated web interface of a network device directly enables remote exploitation of a public-facing application (T1190) and arbitrary command execution via the network device CLI (T1059.008).
NVD Description
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.
Deeper analysisAI
CVE-2024-57017 is an OS command injection vulnerability (CWE-78) affecting the TOTOLINK X5000R router on firmware version V9.1.0cu.2350_B20230313. The issue resides in the "pass" parameter of the setVpnAccountCfg function, where insufficient input validation allows attackers to inject and execute arbitrary operating system commands.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network with low attack complexity and no user interaction required. A low-privileged authenticated user (PR:L) can leverage this flaw to execute arbitrary OS commands on the device, resulting in high impacts to confidentiality, integrity, and availability, such as full system compromise.
Mitigation guidance and further details are available in the referenced advisories, including the vendor site at https://www.totolink.net/ and a vulnerability analysis with proof-of-concept at https://github.com/tiger5671/Vulnerabilities/blob/main/TOTOLINK%20X5000R/setVpnAccountCfg/setVpnAccountCfg.md.
Details
- CWE(s)