CVE-2024-57020
Published: 15 January 2025
Summary
CVE-2024-57020 is a high-severity OS Command Injection (CWE-78) vulnerability in Totolink X5000R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
TOTOLINK X5000R firmware version V9.1.0cu.2350_B20230313 contains an OS command injection vulnerability in the setWiFiScheduleCfg function, specifically through the sMinute parameter. The flaw is tracked as CVE-2024-57020 and is classified under CWE-78, carrying a CVSS 3.1 score of 8.8 that reflects network-accessible exploitation with low attack complexity and authenticated low-privileged access.
An attacker who can authenticate to the device's web management interface (low-privileged access is enough) can supply a crafted sMinute value to the affected endpoint and execute arbitrary operating-system commands on the router, with the privileges of the web server process. Successful exploitation compromises the confidentiality, integrity, and availability of the device, enabling configuration changes, traffic interception, or persistence mechanisms. Exposure is highest where the management interface is reachable from the WAN side or protected only by default credentials.
The associated EPSS score rose from lower values to a peak of 0.0695 on 2025-12-11 before receding to the current 0.0338, indicating a measurable increase in the estimated probability of exploitation after public disclosure. Public references include a detailed proof-of-concept but no vendor advisory describing patches or configuration mitigations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53493
Vulnerability details
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg.
- CWE(s): CWE-78 OS Command Injection
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
OS command injection in the router's web management interface directly enables remote exploitation of a public-facing application, and the injected payload runs as arbitrary Unix shell commands on the device.
Affected Assets
- TOTOLINK X5000R firmware V9.1.0cu.2350_B20230313 (the only version the advisory text names)
Mitigating Controls (NIST 800-53 r5)
- SI-10 Information Input Validation: directly mitigates the command injection by requiring validation of the currently unsanitized sMinute parameter in setWiFiScheduleCfg before it reaches any command construction.
- SI-2 Flaw Remediation: ensures timely firmware updates to remediate the specific flaw allowing arbitrary command execution on the TOTOLINK X5000R. No vendor advisory describing a fixed firmware is referenced on this page, so until one exists this control cannot be applied and reducing exposure (no WAN-reachable management interface, non-default credentials) is the practical stopgap.
- Restrict the sMinute parameter to valid inputs, i.e. an integer in the range 0-59, and reject anything else outright rather than stripping characters; this blocks the malformed payloads used for command injection.
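The following is an added example written for this page; it is not TOTOLINK's code and the command template, function names and the way the device consumes the schedule are assumptions. It shows the CWE-78 pattern the advisory describes (a request parameter such as sMinute pasted into a shell command line) next to the SI-10 style fix the mitigations above call for (accept only an integer in 0-59 and never let request bytes reach the shell). Neither builder executes anything; both return the command string so the difference can be inspected.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical CGI handler shapes, constructed for this page as an
 * illustration of the CWE-78 pattern behind CVE-2024-57020. They are NOT
 * TOTOLINK code: the "wifi_schedule set" template and the function names
 * are assumptions. */

/* Vulnerable pattern: the request parameter is pasted verbatim into a
 * command line that firmware of this kind later hands to system()/popen().
 * The shell then honours ';', '|', '&', '`' and '$(...)' inside the value,
 * so a value like "30;id" runs "id" with the web server's privileges. */
int build_schedule_cmd_unsafe(const char *sMinute, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "wifi_schedule set %s", sMinute); /* assumed template */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Allow-list validation (SI-10): accept only a short run of decimal digits
 * whose value lies in [lo, hi]. Signs, whitespace, shell metacharacters,
 * "0x" prefixes and overlong strings are rejected outright rather than
 * "cleaned", and the caller receives an int, not the attacker's string. */
int parse_bounded_int(const char *s, int lo, int hi, int *out)
{
    if (s == NULL || *s == '\0' || strlen(s) > 3)
        return -1;
    for (const char *p = s; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))
            return -1;
    errno = 0;
    char *end = NULL;
    long v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < lo || v > hi)
        return -1;
    *out = (int)v;
    return 0;
}

/* sMinute must be a minute-of-hour value, so the only valid range is 0..59. */
int parse_minute(const char *sMinute, int *minute)
{
    return parse_bounded_int(sMinute, 0, 59, minute);
}

/* Hardened builder: the command only ever contains a number this code
 * produced, formatted with %02d, so no request bytes reach the shell. */
int build_schedule_cmd_safe(const char *sMinute, char *out, size_t outlen)
{
    int minute;
    if (parse_minute(sMinute, &minute) != 0)
        return -1;
    int n = snprintf(out, outlen, "wifi_schedule set %02d", minute);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* constructed inputs: one benign value, one carrying an injected command */
    const char *inputs[] = { "30", "30;id" };
    char cmd[128];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        build_schedule_cmd_unsafe(inputs[i], cmd, sizeof cmd);
        printf("unsafe  %-8s -> %s\n", inputs[i], cmd);
        if (build_schedule_cmd_safe(inputs[i], cmd, sizeof cmd) == 0)
            printf("safe    %-8s -> %s\n", inputs[i], cmd);
        else
            printf("safe    %-8s -> rejected\n", inputs[i]);
    }
    return 0;
}
```

Two design points matter more than the specific check. First, the validator rejects instead of sanitizing: stripping ';' from "30;id" would still leave the handler passing attacker-influenced strings to a shell, and a later change to the template or the shell's quoting rules would reopen the hole. Second, even with validation, the cleanest fix is to drop the shell entirely and invoke the helper with execve() and an argv array built from the parsed integer, so there is no command line for metacharacters to act on.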