Cyber Resilience

CVE-2024-57036

HighPublic PoCRCE

Published: 21 January 2025

Published
21 January 2025
Modified
29 April 2025
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0007 20.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57036 is a high-severity Command Injection (CWE-77) vulnerability in Totolink A810R Firmware. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-57036 is a command insertion vulnerability (CWE-77) in the TOTOLINK A810R router firmware version V4.1.2cu.5032_B20200407. The issue exists in the main function of the downloadFile.cgi script, which allows an attacker to execute arbitrary commands by sending a specially crafted HTTP request. Published on 2025-01-21, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to its network accessibility and potential for significant impact.

A remote attacker with low privileges (PR:L), such as an authenticated user, can exploit the vulnerability over the network with low attack complexity and no user interaction. By sending a malicious HTTP request to downloadFile.cgi, the attacker achieves arbitrary command execution on the device, resulting in high impacts to confidentiality and integrity, while availability remains unaffected.

The primary reference for this vulnerability is available at https://github.com/luckysmallbird/Totolink-A810R-Vulnerability-1/blob/main/3.md, which provides additional details relevant to practitioners.

EU & UK References

Vulnerability details

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command insertion in downloadFile.cgi enables exploitation of public-facing web application (T1190) for arbitrary Unix shell command execution (T1059.004) on the router.

CVEs Like This One

CVE-2025-28135Same product: Totolink A810R
CVE-2026-31170Same vendor: Totolink
CVE-2026-31175Same vendor: Totolink
CVE-2025-52053Same vendor: Totolink
CVE-2026-5103Same vendor: Totolink
CVE-2026-1327Same vendor: Totolink
CVE-2026-1547Same vendor: Totolink
CVE-2025-1339Same vendor: Totolink
CVE-2026-0641Same vendor: Totolink
CVE-2025-2096Same vendor: Totolink

Affected Assets

totolink
a810r firmware
4.1.2cu.5032_b20200407

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly prevents command insertion by enforcing validity checks on HTTP request inputs to the downloadFile.cgi main function.

prevent

SI-2 mitigates the vulnerability by identifying, reporting, and correcting the specific flaw in TOTOLINK A810R firmware V4.1.2cu.5032_B20200407.

detect

SI-4 detects exploitation of the command insertion vulnerability through monitoring of unauthorized commands or anomalous router activity.

References