CVE-2024-57018
Published: 15 January 2025
Summary
CVE-2024-57018 is a high-severity OS Command Injection (CWE-78) vulnerability in Totolink X5000R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 14.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 directly requires validation and sanitization of the 'desc' parameter in setVpnAccountCfg to block OS command injection.
SI-2 mandates timely flaw remediation via firmware patching to eliminate the unsanitized input vulnerability.
SI-9 enforces restrictions on information inputs to prevent acceptance of command injection payloads in the 'desc' parameter.
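One way to implement the SI-10 input validation described above, as an added example written for this page and not code from TOTOLINK's firmware or from the referenced advisory: a hypothetical C validator (the function names `desc_is_valid` and `run_helper_with_desc`, the `DESC_MAX_LEN` limit and the `--desc` helper argument are all assumptions) that allowlists the characters a VPN account description may contain and, when the value must reach a helper program, passes it as an argv element rather than through a shell. Rejecting anything outside the allowlist means shell metacharacters never reach command construction at all, and the execvp path removes the shell from the picture even if validation were later weakened.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed upper bound for a VPN account description; pick what the UI allows. */
#define DESC_MAX_LEN 64

/* Allowlist validation for the "desc" field (SI-10 style): letters, digits,
 * space, '-' and '_' only. Anything else, including ; | ` $ ( ) & < > and
 * newlines, is rejected, so the value can never carry shell syntax.
 * Returns 1 when the value is acceptable, 0 otherwise. */
int desc_is_valid(const char *desc)
{
    if (desc == NULL)
        return 0;
    size_t len = strnlen(desc, DESC_MAX_LEN + 1);
    if (len == 0 || len > DESC_MAX_LEN)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)desc[i];
        if (!(isalnum(c) || c == ' ' || c == '-' || c == '_'))
            return 0;
    }
    return 1;
}

/* Hardened pattern for handing the description to a helper program: validate
 * first, then build an argv and execvp it directly so no shell ever parses the
 * value. Returns the child's exit status, or -1 when validation fails or the
 * process cannot be started. (Hypothetical helper interface: "<helper> --desc <value>".) */
int run_helper_with_desc(const char *helper, const char *desc)
{
    if (helper == NULL || !desc_is_valid(desc))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper, "--desc", (char *)desc, NULL };
        execvp(helper, argv);
        _exit(127); /* only reached if exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs: one legitimate description, two that carry
     * shell metacharacters and must be refused before any command is built. */
    const char *samples[] = { "Office VPN-1", "site-a;b", "x$(y)" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("desc=\"%s\" valid=%d\n", samples[i], desc_is_valid(samples[i]));
    return 0;
}
```

The validator is deliberately an allowlist rather than a denylist of known-bad characters: a denylist has to anticipate every shell and every encoding trick, while an allowlist only has to describe what a description legitimately looks like.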
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in a public-facing router web interface directly enables remote exploitation (T1190) and arbitrary Unix shell command execution (T1059.004).
NVD Description
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg.
Deeper analysis
CVE-2024-57018 is an OS command injection vulnerability (CWE-78) affecting the TOTOLINK X5000R router running firmware version V9.1.0cu.2350_B20230313. The flaw exists in the setVpnAccountCfg function, where the "desc" parameter fails to properly sanitize user input, allowing injection of arbitrary operating system commands. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and potential for significant impact on confidentiality, integrity, and availability.
A remote attacker with low privileges, such as an authenticated user on the device, can exploit this vulnerability over the network without user interaction. By crafting a malicious request to the vulnerable endpoint with injected commands in the "desc" parameter, the attacker can execute arbitrary OS commands on the underlying system. Successful exploitation enables full control over the router, including data exfiltration, modification of configurations, service disruption, or use as a pivot for further network attacks.
For mitigation details, refer to the vulnerability advisory at https://github.com/tiger5671/Vulnerabilities/blob/main/TOTOLINK%20X5000R/setVpnAccountCfg/setVpnAccountCfg.md and the vendor's security page at https://www.totolink.net/. Practitioners should check these resources for patches, workarounds, or firmware updates addressing this issue.
Details
- CWE(s)